Microsoft Adoption
Microsoft Security CopilotUse Security Copilot agents across Microsoft Defender, Entra, Intune, and Purview to help you detect, investigate, and respond faster.
Learn more Video hubJoin our Global Technical Workshop Series for virtual, hands-on sessions that show how to apply Security Copilot in real security and IT workflows. Designed for technical practitioners who want to get started with Security Copilot agents and build deeper AI expertise across Microsoft Defender, Entra, Purview, and Intune.
Triage alerts, investigate threats, and identify real risk faster by cutting through the noise and surfacing what matters most.
Autonomously triages phishing, identity, and cloud alerts to separate true threats from false alarms, providing transparent reasoning and clear verdicts so analysts can focus on the highest-risk activity.
Learn moreGenerates tailored briefings by synthesizing threat intelligence with your environment’s context, delivering prioritized insights, risk assessments, and actionable recommendations to help teams understand emerging threats and focus on what matters most.
Learn moreContinuously analyzes security telemetry to surface previously undetected or evolving threats, adapting detection based on changing attacker behaviors rather than relying solely on static rules.
Learn moreIdentify data risks, prioritize alerts, and take action to protect sensitive information across your organization.
Autonomously triages data loss prevention and insider risk alerts to surface the highest-risk incidents, with clear summaries, supporting evidence, and prioritized context. It can also initiate remediation with data owners to help reduce exposure while minimizing manual investigation.
Learn moreIdentifies data risks by uncovering exposed sensitive data, including credentials. It delivers executive summaries and actionable recommendations, including suggested label updates, to help teams strengthen their data security posture.
Learn moreUnderstand identity risks, identify gaps, and take action while continuously monitoring and improving our identity security.
Continuously optimize your identity security posture. The agent detects gaps, aligns policies, and guides remediation with safe rollout, helping you stay protected as your environment evolves.
Learn moreTranslate requirements into policies, assess changes before rollout, and remediate vulnerabilities to reduce risk across endpoints.
Translates your organization’s requirements into clear, actionable configurations and provides guidance on settings. IT admins can now create and validate policies easily—making security and productivity goals easier to achieve
Learn moreThe Change Review Agent analyzes changes in context, checking for risks, conflicts, and compliance. It provides detailed insights and clear recommendations, so you can move forward with confidence knowing your decision is informed.
Learn moreThe Vulnerability Remediation Agent helps organizations prioritize and remediate critical vulnerabilities. It analyzes impact and determines which vulnerabilities need immediate attention and should be prioritized.
Learn moreUnderstand emerging threats, prioritize risk, and take action using intelligence tailored to your environment.
Generates tailored briefings by synthesizing threat intelligence with your environment’s context, delivering prioritized insights, risk assessments, and actionable recommendations to help teams understand emerging threats and focus on what matters most.
Learn moreReady-to-use agents built into your daily workflows across Microsoft Security tools, helping you triage, investigate, and respond faster
About Microsoft built agentsExtend automation and context across tools beyond Microsoft, all available in the Security Store
Explore agents in Security StoreEasily create agents tailored to your unique needs with no coding required, or build in your preferred tools like VS Code
Learn to build your own agentExplore demos, customer stories, and quick guides to see how Security Copilot helps you investigate, respond, and take action across your workflows.
triage of user-submitted phishing alerts, with 77% more accurate verdicts.
Read Security Alert Triage Agent studymissing Zero Trust baseline policies, with 43% faster task completion and 48% higher accuracy.
Read Conditional Access Agent studyin mean time to resolution (MTTR) for customers using Security Copilot.
Read Productivity Gains studySt. Luke’s University Health Network saves nearly 200 hours monthly with the Security Alert Triage Agent by automatically handling thousands of false positive phishing alerts.
Read the storyAuckland Transport uses Security Copilot agents to process large volumes of data and surface actionable insights, reducing missed threats.
Read the storyTÜV SÜD analyzes threats 60–70% faster using Security Copilot, accelerating investigations and reducing risk across global IT environments.
Read the storyElanco improves security posture and reduces response times by up to 50% using Security Copilot and Defender Experts for XDR.
Read the storyMicrosoft partners play a critical role in helping customers adopt and scale Security Copilot as part of their E5 security strategy. The Microsoft Intelligent Security Association (MISA) is an ecosystem of leading security partners—comprising software development companies and services partners that have integrated their solutions with Microsoft Security technology.
Security Store brings Microsoft and partner innovation directly into Security Copilot so you can discover, deploy, and run solutions instantly. Browse a curated catalog of vetted agents and SaaS solutions, all designed to run natively in your environment with full visibility and control—so you can move from insight to action, faster. Even better, Security Store is embedded directly into your Microsoft Defender, Entra and Purview experiences, so you can discover, deploy, and run Microsoft and partner solutions exactly where you work.
Eliminate complex integrations and long procurement cycles. Find the right Security Copilot agents for your needs and activate them in minutes, built to work seamlessly across your Microsoft security stack.
Security Copilot delivers agentic automation and AI-driven insights across Security and IT, empowering organizations to protect, detect, and respond at the speed and scale of AI.
Security Copilot combines a specialized language model with security-specific capabilities from Microsoft. These capabilities incorporate a growing set of security-specific skills informed by our unique global threat intelligence and more than 100 trillion daily signals.
Yes, Security Copilot is generally available for use by security and IT teams.
Get started by flexibly provisioning compute capacity to run Security Copilot workloads. Scale confidently to meet your evolving needs even during periods of unexpected demand. Learn about pricing and read more about how to get started with Security Copilot. Security Copilot will also now be included in Microsoft 365 E5. See below for details.
Yes. Copilot integrates with other Microsoft Security products, including but not limited to Microsoft Defender XDR, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, Microsoft Purview, Microsoft Defender for Cloud, and Microsoft Defender External Attack Surface Management. It also integrates with Azure security tools including Azure Web Application Firewall (WAF) and Azure Firewall. Copilot uses the data and signals from these products to generate customized guidance.
Yes. Security Copilot integrates with partner products to provide plugins and promptbooks that extend customer insights. Copilot capabilities include agents built by partners. Learn more about partners that integrate with Security Copilot. View list of partners.
Security Copilot agents enhance security and IT operations with autonomous and adaptive automation. Integrated seamlessly with Microsoft Security solutions and partner ecosystems, agents handle high-volume security tasks, reduce workloads, and accelerate responses. They learn from feedback and adapt to workflows, boosting efficiency while teams stay in control. Read the announcement.
Users interact with agents from within Microsoft Defender, Entra, Intune, Microsoft Purview, and Security Copilot. Get started with Security Copilot agents using security compute units (SCUs) or access as part of your Microsoft 365 E5 or E7 subscription.
At Ignite 2025, Microsoft announced that Security Copilot agents will be directly built into the flow of work for security teams, available in Microsoft Defender, Entra, Intune and Purview. To make the agents easily accessible and help security teams get started faster, Security Copilot will be available to all Microsoft 365 E5 and E7 customers. Microsoft 365 E5 customers already using Security Copilot as of November 18, 2025, can access this benefit now. All other Microsoft 365 E5 and E7 customers will be activated through a phased roll-out in the upcoming months. Customers will receive advanced notice.
Eligible Microsoft 365 E5 and E7 customers will have 400 Security Compute Units (SCUs) per month for every 1000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Example 1: An organization with 400 seats gets 160 SCUs/month. Example 2: An organization with 4,000 seats gets 1,600 SCUs/month. Learn more.
Microsoft 365 E5 customers already using Security Copilot as of November 18, 2025, can access this benefit now. All other Microsoft 365 E5 and E7 customers will be activated through a phased roll-out in the upcoming months. Customers will receive advanced notice.
Step-by-step guidance to understand, set up, and use Security Copilot across your security and IT workflows
Learn more about Security CopilotOnboarding guidance and deployment support from Microsoft experts to help you roll out Security Copilot with confidence.
Get FastTrack supportEngage with the Microsoft Security Community. Your one stop to connect, learn and influence the future of Microsoft security products.
Start engaging