Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Security Copilot enhances Microsoft Entra ID Protection capabilities by providing AI-powered insights for identity risk investigation and remediation. This article describes how to use Microsoft Security Copilot with Microsoft Entra ID Protection to streamline identity risk management and improve your organization's security posture. Using this feature requires a tenant with Microsoft Security Copilot enabled.
Microsoft Entra ID Protection scenarios supported by Microsoft Security Copilot
Security Copilot is integrated into the Microsoft Entra admin center and works seamlessly with Microsoft Entra ID Protection features. The following list provides an overview of the scenarios supported by Security Copilot:
| Scenario | Role(s) | License | Tenant |
|---|---|---|---|
| Risky users | Identity Governance Administrator | Microsoft Entra ID P2 license | Any |
| Application risk | Application Administrator Cloud Application Administrator |
Workload Identity Premium or Microsoft Entra ID P2 license | Any with Risky Service Principal prompts |
Risky users
Microsoft Entra ID Protection applies the capabilities of Security Copilot to summarize a user's risk level, provide insights relevant to the incident at hand, and provide recommendations for rapid mitigation. Identity risk investigation is a crucial step to defend an organization. Security Copilot helps reduce the time to resolution by providing IT admins and security operations center (SOC) analysts the right context to investigate and remediate identity risk and identity-based incidents. Risky user summarization provides admins and responders quick access to the most critical information in context to aid their investigation.
You can add your own prompts in the Copilot window for the following use cases;
Application risk
Identity administrators and security analysts can use Microsoft Security Copilot to quickly assess the risk level of applications from workload identities. By using natural language queries, you can easily discover the granted permissions, unused apps in your tenant, and the risk level of applications. This allows admins to take appropriate actions to mitigate risks and ensure the security of your organization's applications.
Refer to the prompts and examples in Assess application risks using Microsoft Security Copilot in Microsoft Entra to learn how to use Microsoft Security Copilot to assess application risk for the following use-cases;
- Explore Microsoft Entra risky service principals
- Explore Microsoft Entra service principals
- Explore Microsoft Entra applications
- View the permissions granted on a Microsoft Entra service principal
- Explore unused Microsoft Entra applications
- Explore Microsoft Entra Applications outside my tenant