Microsoft launched Security Copilot in 2023 after deciding to follow the AI copilot trend. As was to be expected, the service used large language models (LLMs) to generate security alerts. Since then, Security Copilot has seen significant development and has been integrated with Microsoft Defender XDR. Microsoft is now ready to take this capability further and make it available via its Entra platform.
The Redmond tech company revealed in a lengthy blog post that Security Copilot in Entra has officially left public preview and is available to all IT administrators. The idea behind the service is to let customers use natural language queries to monitor and investigate security problems across Entra products.
Identity Insights and Investigation
Get a complete view of users, groups, sign-ins and risk, all in one place:
- Users: Investigate a user’s sign-ins, roles, apps, groups, and permissions.
- Groups: Understand group membership, access paths, and permissions.
- Sign-In Logs: Analyze abnormal or failed sign-ins to detect access issues or suspicious activity.
- Audit Logs: See who made changes to identities, policies, or configurations across Microsoft Entra.
- Lifecycle Workflows: Manage onboarding/offboarding workflows and flag issues across joiner, mover, leaver tasks.
- Risky Users: Investigate high-risk users and prioritize remediation.
Access Governance and Review
Simplify reviews and reduce excessive permissions:
- Access Reviews: Get summarized recommendations to streamline decisions.
- Entitlement Management: Review access package settings and assignments.
- Entra ID RBAC: Spot over-privileged roles and analyze assignment.
App and Resource Protection
Quickly identify risky apps, secure configurations, and improve licensing hygiene:
- App Risk: Investigate app behaviors, detect misconfigurations, and flag risky integrations.
- Microsoft Entra Recommendations: Act on best-practice guidance, security alerts, and policy recommendations.
- License Utilization: Analyze license usage to optimize costs and tie licenses to active identities.
Monitoring and Posture Management
Get a clearer view of your tenant, to keep it healthy and secure:
- Alerts in Scenario Health Monitoring: Detect risks tied to misconfigurations or coverage gaps.
- SLA in Scenario Health Monitoring: Identify performance or reliability issues affecting key identity workflows.
- Tenants: Investigate cross-tenant access, trust relationships, and tenant-specific risk.
- Domains: Verify domain health and review exposure risks.
- MFA Auth Methods: Audit usage and enforce phishing-resistant MFA.
Microsoft has also improved Security Copilot's ability to understand natural language queries, even somewhat complex ones. It will also give clearer responses, which the Redmond tech company claims are a major improvement over those offered during the public preview. Nevertheless, Microsoft has made it clear that it is still working to improve Security Copilot so that it can handle other scenarios as well. More information on those plans and on Microsoft Entra's Conditional Access Optimization Agent can be found in this blog article.