Identity administrators face increasing pressure to ensure proper access governance while managing complex identity lifecycles at scale. Microsoft Security Copilot transforms how you approach Microsoft Entra ID Governance by enabling natural language queries to quickly analyze access reviews, manage entitlement packages, monitor privileged access, and streamline lifecycle workflows.
In this article, learn about the Security Copilot scenarios available in Microsoft Entra ID Governance to enhance your identity lifecycle and access governance efforts.
Microsoft Entra ID Governance scenarios supported by Microsoft Security Copilot
Security Copilot is integrated into the Microsoft Entra admin center and works seamlessly with Microsoft Entra ID Governance features. The following table provides an overview of the Microsoft Entra ID Governance scenarios supported by Security Copilot, together with the role, license, and tenant configuration each one requires:
| Scenario | Role | License | Tenant |
|---|---|---|---|
| Access reviews | Identity Governance Administrator | Microsoft Entra ID P2 license | Any with access reviews configured |
| Entitlement management | Identity Governance Administrator | Microsoft Entra ID P2 license | Any with entitlement management configured |
| Privileged Identity Management (PIM) | Security Administrator, Global Reader, or Security Reader | Microsoft Entra ID P2 license | Any with PIM configured |
| Privileged Identity Management (PIM) write actions | None | Microsoft Entra ID P2 license, Microsoft Entra ID Governance SKUs, Entra Suite | Any with PIM configured |
| Lifecycle workflows | Lifecycle Workflows Administrator | Microsoft Entra ID Governance license | Any with lifecycle workflows configured |
Access reviews
Administrators can now easily extract and analyze access review data in Microsoft Entra ID Governance using Security Copilot. This integration lets you quickly explore, track, and gain insights from access reviews at scale, helping you make informed decisions and streamline your access governance processes.
This feature helps administrators:
- Understand who approved access
- Identify reviewers who took no decisions
- Investigate overrides of AI recommendations
Refer to the prompts and examples in Governance and optimization with Microsoft Security Copilot to learn how to use Microsoft Security Copilot with access reviews for the following use cases:
For more information about access reviews, see:
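The three questions listed above (who approved, which reviewers decided nothing, and where a reviewer overrode the system recommendation) are ordinary analysis over access review decision records. The following is an added example that is not part of this article or of Security Copilot; it assumes records shaped like Microsoft Graph `accessReviewInstanceDecisionItem` objects (the `decision`, `recommendation`, `reviewedBy`, and `principal` fields) and uses constructed sample data, so it runs offline. The list of assigned reviewers is also constructed, because a reviewer who never acted leaves no decided item to find them by.

```python
"""Answer the three access review questions over decision records.

Added example (not Microsoft documentation or Security Copilot code).
Assumption: records follow the Microsoft Graph accessReviewInstanceDecisionItem
shape; the values below are constructed, not from a real tenant.
"""
from collections import defaultdict

# Only these decision values count as a reviewer actually deciding. Graph also
# uses NotReviewed, DontKnow and NotNotified, which mean no decision was taken.
DECIDED = {"Approve", "Deny"}

# Constructed sample decision items (invented names, invented ids).
SAMPLE_DECISIONS = [
    {"id": "d1", "principal": {"displayName": "Alex Wilber"},
     "reviewedBy": {"displayName": "Megan Bowen"},
     "decision": "Approve", "recommendation": "Approve"},
    {"id": "d2", "principal": {"displayName": "Adele Vance"},
     "reviewedBy": {"displayName": "Megan Bowen"},
     "decision": "Approve", "recommendation": "Deny"},  # approved against a Deny recommendation
    {"id": "d3", "principal": {"displayName": "Lee Gu"},
     "reviewedBy": {"displayName": "Patti Fernandez"},
     "decision": "Deny", "recommendation": "Deny"},
    {"id": "d4", "principal": {"displayName": "Lynne Robbins"},
     "reviewedBy": {"displayName": "Isaiah Langer"},
     "decision": "NotReviewed", "recommendation": "Deny"},  # reviewer assigned, never decided
    {"id": "d5", "principal": {"displayName": "Diego Siciliani"},
     "reviewedBy": None,
     "decision": "NotReviewed", "recommendation": "Approve"},
]

# Constructed list of reviewers assigned to this review instance.
ASSIGNED_REVIEWERS = ["Megan Bowen", "Patti Fernandez", "Isaiah Langer", "Grady Archie"]


def approvers(decisions):
    """Who approved access: map each reviewer to the principals they approved."""
    result = defaultdict(list)
    for item in decisions:
        if item["decision"] == "Approve" and item.get("reviewedBy"):
            result[item["reviewedBy"]["displayName"]].append(item["principal"]["displayName"])
    return dict(result)


def idle_reviewers(decisions, assigned_reviewers):
    """Assigned reviewers with no Approve/Deny recorded against their name."""
    active = {item["reviewedBy"]["displayName"]
              for item in decisions
              if item["decision"] in DECIDED and item.get("reviewedBy")}
    return sorted(set(assigned_reviewers) - active)


def recommendation_overrides(decisions):
    """Decided items where the reviewer's decision differs from the recommendation.

    Undecided items are skipped: a NotReviewed item with a Deny recommendation is
    an unfinished review, not an override, and belongs to idle_reviewers instead.
    """
    return [item for item in decisions
            if item["decision"] in DECIDED
            and item["recommendation"] in DECIDED
            and item["decision"] != item["recommendation"]]


def summarize(decisions, assigned_reviewers):
    """Collect all three answers in one report structure."""
    return {
        "approvers": approvers(decisions),
        "idle_reviewers": idle_reviewers(decisions, assigned_reviewers),
        "overrides": [(i["reviewedBy"]["displayName"], i["principal"]["displayName"],
                       i["recommendation"], i["decision"])
                      for i in recommendation_overrides(decisions)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_DECISIONS, ASSIGNED_REVIEWERS).items():
        print(f"{key}: {value}")
```

The override report is the one most worth alerting on: an approval recorded against a Deny recommendation is exactly the case an administrator would want to follow up with the reviewer.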
Entitlement management
Entitlement management in Microsoft Entra ID enables organizations to manage the identity and access lifecycle at scale by automating workflows, access assignments, reviews, and expirations. Administrators can now interact with entitlement management data using natural language queries to get quick access to information. This includes access packages, policies, connected organizations, catalog resources, and curated views of data that were previously available only through custom scripting.
Refer to the prompts and examples in Governance and optimization with Microsoft Security Copilot to learn how to use Microsoft Security Copilot with entitlement management for the following use cases:
For more information about entitlement management, see What is entitlement management?
Privileged Identity Management (PIM)
Using Security Copilot, privileged access can be managed and monitored more efficiently through natural language queries integrated with Microsoft Entra Privileged Identity Management (PIM). This approach provides instant insights into just-in-time role assignments, group memberships, and access to critical resources. AI-powered analysis enables quick identification of eligible or active PIM assignments, tracking of changes, and rapid response to potential risks, streamlining privileged access management and strengthening your security posture.
Refer to the prompts and examples in Governance and optimization with Microsoft Security Copilot to learn how to use Microsoft Security Copilot with PIM for the following use case:
For more information about Privileged Identity Management, see What is Microsoft Entra Privileged Identity Management?
Privileged Identity Management (PIM) write actions
Users often encounter access denied errors in the Microsoft Entra admin center when attempting actions that require elevated privileges, such as viewing sign-in logs or listing admin role assignments. Identifying the correct role, and ensuring it is the least-privileged option, can be complex and time-consuming. Combined with finding the right avenue to obtain that assignment, this can be overwhelming.
By applying the best practices of our least privileged access framework, Microsoft Security Copilot determines the least privileged role for the desired task, checks for eligible assignments, and enables the user through Just-in-Time (JIT) activation using PIM. This removes the previous need to leave the Copilot chat, navigate to PIM, activate the role manually, and return to retry the query. Everything stays in one continuous conversation, reducing friction, improving productivity, and keeping access management secure.
Use the following prompts to get started with PIM write actions:
- I want to perform {the desired task}, help me activate a role so that I can perform the desired action.
- I am done with my investigation or {desired task}, deactivate my access.
- I accidentally activated a role, roll back my changes.
You can use these prompts in any of the following articles to get started with your investigations and then deactivate your access when you are done.
- Enterprise user management with Microsoft Security Copilot
- Identity Governance and optimization with Microsoft Security Copilot
- Investigate security incidents using Microsoft Security Copilot
- Assess application risks using Microsoft Security Copilot in Microsoft Entra
- Manage employee lifecycle using Microsoft Security Copilot
Lifecycle workflows
Microsoft Entra ID Governance applies the capabilities of Security Copilot to save identity administrators time and effort when configuring custom workflows that manage the lifecycle of users across joiner, mover, and leaver (JML) scenarios. It also helps you customize workflows more efficiently, using natural language to configure workflow information (including custom tasks), execute workflows, and get workflow insights.
Refer to the prompts and examples in Manage employee lifecycle using Microsoft Security Copilot to learn how to use Microsoft Security Copilot with lifecycle workflows for the following use cases:
- Create step-by-step guidance for a new lifecycle workflow
- Explore available workflow configurations
- Analyze active workflow lists
- Troubleshoot a Lifecycle Workflow run
- Compare versions of a lifecycle workflow
For more information about lifecycle workflows, see What are lifecycle workflows?