Take Flight with Microsoft Security Copilot Flight School
Greetings pilots, and welcome to another pioneering year of AI innovation with Security Copilot. Find out how your organization can reach new heights with Security Copilot through the many exciting announcements on the way at both Microsoft Secure and RSA 2025. This is why now is the time to familiarize yourself and get airborne with Security Copilot. Go to School Microsoft Security Copilot Flight School is a comprehensive series charted to take students through fundamental concepts of AI definitions and architectures, take flight with prompting and automation, and hit supersonic speeds with Logic Apps and custom plugins. By the end of the course, students should be equipped with the requisite knowledge for how to successfully operate Security Copilot to best meet their organizational needs. The series contains 11 episodes with each having a flight time of around 10 minutes. Security Copilot is something I really, really enjoy, whether I’m actively contributing to its improvement or advocating for the platform’s use across security and IT workflows. Ever since I was granted access two years ago – which feels like a millennium in the age of AI – it’s been a passion of mine, and it’s why just recently I officially joined the Security Copilot product team. This series in many ways reflects not only my passion but similar passion found in my marketing colleagues Kathleen Lavallee (Senior Product Marketing Manager, Security Copilot) Shirleyse Haley (Senior Security Skilling Manager), and Shateva Long (Product Manager, Security Copilot). I hope that you enjoy it just as much as we did making it. Go ahead, and put on your favorite noise-cancelling headphones, it’s time, pilots, to take flight. Log Flight Hours There are two options for watching Security Copilot Flight School: either on Microsoft Learn or via the Youtube Playlist found on the Microsoft Security Youtube Channel. The first two episodes focus on establishing core fundamentals of Security Copilot platform design and architecture – or perhaps attaining your instrument rating. The episodes thereafter are plotted differently, around a standard operating procedure. To follow the ideal flight path Security Copilot should be configured and ready to go – head over to MS Learn and the Adoption Hub to get airborne. It’s also recommended that pilots watch the series sequentially, and be prepared to follow along with resources found on Github, to maximize learning and best align with the material. This will mean that you’ll need to coordinate with a pilot with owner permissions for your instance to create and manipulate the necessary resources. Episode 1 - What is Microsoft Security Copilot? Security is complex and requires highly specialized skills to face the challenges of today. Because of this, many of the people working to protect an organization work in silos that can be isolated from other business functions. Further, enterprises are highly fragmented environments with esoteric systems, data, and processes. All of which takes a tremendous amount of time, energy, and effort just to do the day-to-day. Security Copilot is a cloud-based, AI-powered security platform that is designed to address the challenges presented by complex and fragmented enterprise environments by redefining what security is and how security gets done. What is AI, and why exactly should it be used in a cybersecurity context? Episode 2 - AI Orchestration with Microsoft Security Copilot Why is The Paper Clip Pantry a 5-star restaurant renowned the world over for its Wisconsin Butter Burgers? Perhaps it’s how a chef uses a staff with unique skills and orchestrates the sourcing of resources in real time, against specific contexts to complete an order. After watching this episode you’ll understand how AI Orchestration works, why nobody eats a burger with only ketchup, and how the Paper Clip Pantry operates just like the Security Copilot Orchestrator. Episode 3 – Standalone and Embedded Experiences Do you have a friend who eats pizza in an inconceivable way? Maybe they eat a slice crust-first, or dip it into a sauce you never thought compatible with pizza? They work with pizza differently, just like any one security workflow could be different from one task team, or individual to the next. This philosophy is why Security Copilot has two experiences – solutions embedded within products, and a standalone portal – to augment workflows no matter their current state. This episode will begin covering those experiences. Episode 4 – Other Embedded Experiences Turns out you can also insist upon putting cheese inside of pizza crust, or bake it thick enough as to require a fork and knife. I imagine, it’s probably something Windows 95 Man would do. In this episode, the Microsoft Entra, Purview, Intune, and Microsoft Threat Intelligence products showcase how Security Copilot advances their workflows within their portals. Beyond baking in the concepts of many workflows, many operators, the takeaway from this episode is that Security Copilot works with security adjacent workflows – IT, Identity, and DLP. Episode 5 – Manage Your Plugins Like our chef in The Paper Clip Pantry, we should probably define what we want to cook, what chefs to use, and set permissions for those that can interact within any input or output from the kitchen. Find out what plugins add to Security Copilot and how you can set plugin controls for your team and organization. Episode 6 – Prompting Is this an improv lesson, or a baking show? Or maybe if you watch this episode, you’ll learn how Security Copilot handles natural language inputs to provide you meaningful answers know as responses. Episode 7 – Prompt Engineering With the fundamentals of prompting in your flight log, it’s time to soar a bit higher with prompt engineering. In this episode you will learn how to structure prompts in a way to maximize the benefits of Security Copilot and begin building workflows. Congrats, pilot, your burgers will no longer come with just ketchup. Episode 8 – Using Promptbooks What would it look like to find a series of prompts and run them, in the same sequence with the same output every time? You guessed it, a promptbook, a repeatable workflow in the age of AI. See where to access promptbooks within the platform, and claw back some of your day to perfect your next butter burger. Episode 9 – Custom Promptbooks You’ve been tweaking your butter burger recipe for months now. You’ve finally landed at the perfect version by incorporating a secret nacho cheese recipe. The steps are defined, the recipe perfect. How do you repeat it? Just like your butter burger creation, you might discover or design workflows with Security Copilot. With custom promptbooks you can repeat and share them across your organization. In this episode you’ll learn about the different ways Security Copilot helps you develop your own custom AI workflows. Episode 10 – Logic Apps System automation, robot chefs? Actions? What if customers could order butter burgers with the click of a button, and the kitchen staff would automatically make one? Or perhaps every Friday at 2pm a butter burger was just delivered to you? Chances are there are different conditions across your organization that when present requires a workflow to being. With Logic Apps, Security Copilot can be used to automatically aid workflows across any system a Logic App can connect to. More automation, less mouse clicking, that’s a flight plan everyone can agree on. Episode 11 – Extending to Your Ecosystem A famed restaurant critic stopped into the The Paper Clip Pantry butter burger, and it’s now the burger everyone is talking about. Business is booming and it's time to expand the menu – maybe a butter burger pizza, perhaps a doughnut butter burger? But you’ll need some new recipes and sources of knowledge to achieve this. Like a food menu the possibilities of expanding Security Copilot’s capabilities are endless. In this episode learn how this can be achieved with custom plugins and knowledgebases. Once you have that in your log, you will be a certified Ace, and ready to take flight with Security Copilot. Take Flight I really hope that you not only learn something new but have fun taking flight with the Security Copilot Flight School. As with any new and innovative technology, the learning never stops, and there will be opportunities to log more flight hours from our expert flight crews. Stay tuned at the Microsoft Security Copilot video hub, Microsoft Secure, and RSA 2025 for more content in the next few months. If you think it’s time to get the rest of your team and/or organization airborne there’s check out the Security Copilot adoption hub to get started: aka.ms/SecurityCopilotAdoptionHub Other Resources Our teams have been hard at work building solutions to extend Security Copilot, you can find them on our community Github page found at: aka.ms/SecurityCopilotGitHubRepo To stay close to the latest in product news, development, and to interact with our engineering teams, please join the Security Copilot CCP to get the latest information: aka.ms/JoinCCPEmpowering Security Copilot with NL2KQL: Transforming Natural Language into Insightful KQL queries
By leveraging NL2KQL, a powerful framework that translates natural language into KQL queries, Security Copilot makes querying in KQL as intuitive as a conversation. In this article, we’ll explore the story behind NL2KQL, its potential to transform security operations, and why it matters for the future of cybersecurity.Know Before You Go: Security Copilot at Microsoft Ignite 2024
We are just a few days away from Microsoft Ignite, happening from November 19–22, 2024, and the excitement is palpable! This year, we are thrilled to share Security Copilot with everyone, both in-person and virtual attendees alike. In-Person Experience: For those joining us in person, you'll have the opportunity to interact directly with our experts, attend immersive sessions, and see live demos of Security Copilot. Our hands-on labs and breakout sessions will provide you with practical insights and experiences that you can take back to your organization. Virtual Engagement: We haven’t forgotten about our virtual audience! You’ll have access to live-streamed sessions, interactive Q&As, and virtual demos. We’ve designed a rich and engaging online experience to ensure that you gain the same valuable insights and knowledge as those attending in person. We are excited to announce a series of innovative technical breakout sessions, theater sessions, labs, community opportunities, and demos designed to showcase the cutting-edge capabilities of Security Copilot. These are tailored to provide in-depth insights and hands-on experiences, ensuring attendees gain a comprehensive understanding of how to leverage Security Copilot to its fullest potential. Microsoft Security Copilot is your generative AI-powered assistant that helps teams improve security across organizations. Discover how Security Copilot enables you to protect at the speed and scale of AI by leveraging global threat intelligence, industry best practices, and organizational data from Microsoft and others to deliver tailored insights. Learn about the latest innovations, including AI-driven automation capabilities and new use cases that elevate security organization-wide. Join us for these exciting opportunities, whether in-person at McCormick Place in Chicago or virtually online. Explore how Security Copilot can transform your security operations, optimize efficiency, and enhance your organization's overall security posture. Whether you're a security professional, IT expert, or simply interested in the future of cybersecurity, these sessions offer valuable knowledge and practical tips to help you stay ahead in the ever-evolving world of cybersecurity. We look forward to your participation and can't wait to see you there! Breakout Sessions We are excited to announce our series of innovative technical breakout sessions, designed to showcase the cutting-edge capabilities of Security Copilot. These sessions are tailored to provide in-depth insights and hands-on experiences, ensuring attendees gain a comprehensive understanding of how to leverage Security Copilot to its fullest potential. BRK307: Transform your security with GenAI innovations in Security Copilot - Dorothy Li, Emily Longman, Dilip Radhakrishnan In Chicago + Online - Will be recorded Tuesday, November 19 - 11:30 AM - 12:15 PM Central Standard Time Microsoft Security Copilot is your generative AI-powered assistant that helps teams improve security across organizations. Discover how Security Copilot enables you to protect at the speed and scale of AI by leveraging global threat intelligence, industry best practices and organizational data from Microsoft and others to deliver tailored insights. Learn about the latest innovations, including AI-driven automation capabilities and new use cases that elevate security organization-wide. BRK308: Optimize with Security Copilot: Real-world insights and expert advice - Dennis Mercer, Heena Macwan In Chicago + Online - Will be recorded Thursday, November 21 - 3:45 PM - 4:30 PM Central Standard Time Discover how to unlock Microsoft Security Copilot's full potential. This session offers deep dives into valuable case studies, the latest efficiency data, and practical tips from product experts. Learn best practices and insider tricks to maximize Copilot’s benefits, ensuring quick value realization and enhanced security and IT operations. BRK316: One goal, many roles: Microsoft Security Copilot use cases for all - Nick Goodman, Ryan Munsch In Chicago + Online - Will be recorded Thursday, November 21 - 5:00 PM - 5:45 PM Central Standard Time Experience how Microsoft Security Copilot supports multiple cybersecurity roles through practical, real-world incidents. This session highlights Copilot's seamless integration with Microsoft’s security suite—Entra, Defender, Purview, and Intune - and its ability to provide tailored solutions that address a broad range of security functions beyond traditional SOC roles. BRK331: Security Partner Growth: Harness the Power of AI in Security Copilot - Vicki Beizer, Mona Ghadiri, James Key, Jose Lazaro In Chicago Only - Will be recorded Friday, November 22 - 10:15 AM - 11:00 PM Central Standard Time Discover new Security Copilot product capabilities built to enable partners to run their managed services business and expand their ISV solutions. Find out how Partners can maximize the capabilities of your technical resources to support customers more effectively. You will receive a preview of the new partner benefits and product developments coming next year and learn how you can get ahead of the curve. Don't miss this chance to stay ahead in the ever-evolving security landscape. Theater Sessions We are thrilled to announce our series of innovative Theater Sessions, designed to spotlight the pioneering capabilities of Security Copilot. These sessions provide a dynamic platform for learning, engaging, and exploring the future of cybersecurity. THR653: Mastering custom plugins in Microsoft Security Copilot - Rod Trent In Chicago Only - Will NOT be Recorded Tuesday, November 19 - 11:15 AM - 11:45 AM Central Standard Time Dive into the technical intricacies of Microsoft Security Copilot in this hands-on session. Gain practical knowledge on building plugins to customize Copilot for your organization's unique requirements. The session provides detailed instructions on creating custom integrations and automations, with a focus on plugin development. This is tailored for security and IT professionals looking to elevate Copilot's capabilities through advanced customization and seamless integration with existing security tools. THR555: Threat Intelligence at machine speed with Microsoft Security Copilot - Ryan Munsch In Chicago Only - Will NOT be Recorded Wednesday, November 20 - 9:00 AM - 9:15 AM Central Standard Time Threat intelligence is crucial for protecting against evolving threats, but extracting actionable insights from vast data can be overwhelming. Join Microsoft expert Ryan Munsch to discover how Security Copilot's generative AI streamlines threat intelligence. He'll show how Copilot acts as a research assistant, analyst, and responder, using guided experiences and prompts to simplify threat management and reduce the time, resources, and stress involved in defending your organization. Labs We're excited to invite you to dive deep into the cutting-edge capabilities of Security Copilot through our hands-on labs. These instructor led sessions are designed to provide a comprehensive, interactive experience, enabling you to fully understand and leverage the power of Security Copilot in your organization. LAB462: Boost security and IT efficiency with Microsoft Security Copilot - Rod Trent In Chicago Only - Will NOT be Recorded Wednesday, November 20 - 3:00 PM - 4:15 PM Central Standard Time Join us for an interactive lab to experience Microsoft Security Copilot in action. Through expert-led simulations, explore how generative AI streamlines incident response, expedites troubleshooting, and enhances decision-making across security and IT. Test-drive Security Copilot and see firsthand how it helps teams identify, respond to, and mitigate threats efficiently. Ideal for security professionals eager to experience the real-world impact of generative AI in security & IT. LAB462-R1: Boost security and IT efficiency with Microsoft Security Copilot - Rod Trent In Chicago Only - Will NOT be Recorded Thursday, November 21 - 8:30 AM - 9:45 AM Central Standard Time Join us for an interactive lab to experience Microsoft Security Copilot in action. Through expert-led simulations, explore how generative AI streamlines incident response, expedites troubleshooting, and enhances decision-making across security and IT. Test-drive Security Copilot and see firsthand how it helps teams identify, respond to, and mitigate threats efficiently. Ideal for security professionals eager to experience the real-world impact of generative AI in security & IT. Community We are excited to invite you to our series of Community Tabletops, designed to foster collaboration and innovation around Security Copilot. These sessions provide an interactive environment where you can engage with peers, share experiences, and explore the latest advancements in cybersecurity. COM1028: Community Roundtable: Security Copilot for IT Pros – Bill Mccluskey In Chicago Only - Will NOT be Recorded Tuesday, November 19 - 1:00 PM - 2:00 PM Central Standard Time This session will bring together experts and peers to explore real-world applications, share best practices, and discuss the latest features of Security Copilot. Attendees will gain invaluable insights into optimizing security measures, enhancing threat detection, and streamlining incident response. Join us to collaborate, network, and learn from the collective experience of your fellow IT pros in a dynamic and interactive environment. COM1029: Community Roundtable: Security Copilot for the SOC - Michael Pinch In Chicago Only - Will NOT be Recorded Tuesday, November 19 - 4:00 PM - 5:00 PM Central Standard Time Join us for an engaging roundtable discussion tailored specifically for Security Operations Center (SOC) professionals focused on optimizing the use of Security Copilot. This session will facilitate an interactive exchange of ideas, challenges, and best practices related to the deployment and management of Security Copilot within the SOC. Participants will gain insights into leveraging Security Copilot to enhance threat detection, streamline incident response, and improve overall SOC efficiency. This is a unique opportunity to network with peers, learn from industry experts, and collaboratively explore innovative solutions to common SOC challenges. Come prepared to share your experiences and take away actionable strategies to elevate your SOC's security posture. COM1030: Community Roundtable: Developing Security Copilot Plugins - Rod Trent In Chicago Only - Will NOT be Recorded Wednesday, November 20 - 11:00 AM - 12:00 PM Central Standard Time Join us for an engaging community roundtable focused on the development of plugins for Microsoft Security Copilot. This session provides a platform for developers, IT professionals, and cybersecurity enthusiasts to collaborate and exchange ideas on creating innovative plugins that enhance Security Copilot's capabilities. Attendees will gain insights into the plugin development process, explore successful case studies, and discuss best practices for integrating custom plugins into their security workflows. Whether you're a seasoned developer or new to plugin creation, this roundtable offers valuable takeaways and networking opportunities to help you expand Security Copilot's functionality and improve your organization's security posture. Demos and Networking Don't miss the opportunity to visit the Copilot demo station at the Expert meet-up. Our team will be showcasing the latest demos of Security Copilot, highlighting its powerful features and capabilities. Our experts will be on-hand to answer your questions and provide insights into how Security Copilot can enhance your security posture. Whether you're interested in learning about our innovative tools or need guidance on specific features, we're here to help. Be sure to stop by and experience firsthand how Security Copilot can help you stay ahead in the ever-evolving world of cybersecurity. We look forward to meeting you!Azure Firewall integration in Copilot for Security: protect networks at machine speed with Gen AI
The Azure Firewall integration in Copilot for Security helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.Microsoft Copilot for Security Defender Threat Intelligence and Threat Analytics Plugin Overview
Copilot for Security delivers information about threat actors, indicators of compromise (IOCs), tools, and vulnerabilities, as well as contextual threat intelligence from Microsoft Defender Threat Intelligence (MDTI) and Threat Analytics (TA).
