Publish a Microsoft Security Copilot agent or Microsoft Sentinel Data Lake Notebook Job in Security Store

To successfully publish a Security Copilot agent or analytics solution, it's essential to package your deployment files in a structured and compliant format.

Read this article for the steps to create a valid .zip package that includes your agent manifest, Microsoft Sentinel Data Lake notebooks, and any required Microsoft Azure resources. It also provides instructions for Mac users to avoid hidden system files that could inadvertently disrupt the publishing process.

By following the recommended folder structure and metadata requirements, your solution will be ready for listing on Security Store using the Software as a Service (SaaS) offer type.

Create the package

After building your agent or analytics solution, put your agent manifest YAML along with other dependencies like Microsoft Sentinel Data Lake notebooks and Microsoft Azure resources into your .zip structure.

Each package should contain one agent manifest. Place all the required subfolders directly in the root of the .zip file, instead of inside a parent folder.

Publish an offer in the Partner Center

Start listing your application on Security Store by creating an offer.

Next, when you're selecting offer type, choose Software as a Service. Even though you might be listing an agent, SaaS is the offer type used for all security applications in the Security Store. The SaaS offer type has an extensible framework that helps enable agent monetization and deployment orchestration.

When prompted, choose a friendly and descriptive alias in order to remember the offer name and what the offer does.

• Would you like to sell through Microsoft? Choose Yes. Security Store supports this option only. If you plan to not charge for your solution, you can set a $0 USD price.
• Would you like to use Microsoft license management service? Choose No. This question is specific to business applications integrated with Microsoft Graph/Microsoft 365.
• Customer leads: You can choose to connect your CRM for storing leads that come from free trials of your solution. Learn more in Lead management from Microsoft commercial marketplace - Marketplace publisher.
• Microsoft integrations: Check the box stating the offer integrates with Microsoft Security services. Don't check any other boxes.

Fill out the metadata properties

• Categories: Select Security or Compliance from your primary category.
• Industries: Leave this option blank. Industries is only relevant for AppSource.

You can choose to use the Standard Contract that codifies common terms or provide your own.

The Offer listing

Fill out your offer listing details. In the Search results summary, sum up what your agent does in a single line (you can use Copilot to help you summarize). In the Description, include:

• Agent tasks: Tasks should be comma separated.
• Agent workflow: Make two sections:
  • Input: Make this section.comma separated.
  • Output Make this section.comma separated.

Read through your offer listing for any errors, particularly in the Agent workflow.

Add the Security Store metadata, and offer .zip file

Go to Offer Setup and check the box indicating that your solution integrates with Microsoft Security services.

Select Save draft. A new menu item appears on the left menu called Microsoft Security services.

Select Microsoft Security services. You'll see a new page that asks you to enter metadata that's specific to Security Store.

When you select Deployable solution, you get more fields under License management.

License management is mandatory for deployable solutions.

Create the plan and pricing

Select Plan overview in the left menu of the Microsoft Partner Center. The plan is a part of the offering that specifies a package and pricing details.

Give the plan a Name and Description, then select Edit Markets. The Edit Markets link allows you to specify where in the world you want to offer this agent.

Next you'll be asked to pricing model and price your agent. The pricing model can't be changed once the offer is published, and all plans in the offer use the same pricing model, so take a moment here. There are two options.

• Flat rate: Allows charging customers a fixed fee for the SaaS solution, regardless of usage. The flat-rate model is ideal for straightforward offerings where pricing doesn't vary by consumption.

• Per user: You charge a fixed fee per licensed user who can access the SaaS solution. Each user occupies a seat, and the total cost is calculated by multiplying the price per seat by the number of users. Partners can define minimum and maximum user limits for each plan. The solution provides individual value to each user. Use per user for a predictable billing based on user count, or if there's a need to scale access across teams or organizations.

Even when the plan is to offer a specific agent for free, a price is required. If this is a free offer, the price should be $0 USD.

Pricing paid agents using Contract (subscription-based)

If you chose to let Microsoft manage agent licenses when deploying your solution, the only pricing model supported for agents on Security Store is a contract (by subscription).

A contract creates a license fee that you can charge on a monthly or annual basis. Microsoft manages billing and provisioning for the license.

To charge via contract/subscription for your agent, choose these configuration options:

• Pricing model: Choose Flat rate.
• Contract duration: Choose from 1 month or 1-5 years. The contract duration determines how long a customer has access to your agent. For a monthly subscription, choose 1 month.
• Billing frequency: Choose from a one-time payment for the entirety of the contract or monthly billing. For example, you can offer a one-year contract that's billed monthly, meaning the customer gets billed every month for 12 months.

Other options

Some final metadata of which you should be aware:

• Marketplace metering service dimensions: In this case, skip this section. Metering isn't yet offered as an option for monetizing agents. Options can change in the future.
• Free trial: Check this box to offer a one-month free trial. Free trials automatically convert to a paid subscription at the end of the trial. This automatic transition won't take place if the customer cancels the subscription before the trial period ends. See Plans and pricing for Microsoft Marketplace offers.
• Plan visibility: Set to Public for the solution to be discoverable in the Security Store. You can also set to Private to distribute a solution to select customers by providing their Tenant IDs.

Save your offering draft once you complete this section.

Technical configuration

If your offer is an agent, fill out this section as described. Proper technical configuration enables Security Store to successfully deploy your agent and manage its lifecycle.

Replace the connection webhook with your own if programmatic notifications are needed; for example, if you need notification when a customer buys the agent. You can find more details on how to develop the webhook in Implementing a webhook on the SaaS service - Marketplace publisher.

The technical configuration:

1. Landing page URL: https://securitystore.microsoft.com/mysolutions
2. Connection Webhook: Copy and paste your webhook URL.
3. Microsoft Entra Tenant ID: Copy and paste your Microsoft Entra Tenant ID here.
4. Microsoft Entra Application ID: Copy and paste your Microsoft Entra Application ID here. If you already have a Microsoft Entra Application ID that you created for a different SaaS offer, you can reuse it here. Otherwise, Register for a Microsoft Entra Application ID in four steps.

Preview and test

Before you publish, we recommend you preview your listing and test it end-to-end using the preview audience feature. See How to preview and test your offer listing for Secure Store to set up an audience of people who can preview and test your offer.