Microsoft Copilot For Security To Be Generally Available In April

Copilot for Security will use a consumption pricing model as opposed to the per-license model of Microsoft 365 Copilot.

Microsoft will make its Copilot for Security generative artificial intelligence product generally available on April 1 with a consumption pricing model of $4 an hour billed monthly, a contrast to the $30 per-user, per-month model of Copilot for Microsoft 365.

AI-driven incident summarization, incident effects assessments, script reverse engineering and guided responses are just some of the potential early use cases for this GenAI tool from the Redmond, Wash.-based tech giant.

Vasu Jakkal, Microsoft’s corporate vice president of security, compliance, identity and management, told CRN that security services partners are important users of the tool and will serve a role in standing it up with customers.

“Like any new tool, we need to teach people to use it,” Jakkal said. “And the good news is it’s an easy tool to launch. But they [partners] can help with the deployment of it, they can help with the training of it. They can help optimize it. Partners can also develop their own promptbooks and add their own services. … There’s so much opportunity.”

[RELATED: Microsoft Unveils OpenAI-Powered Security Copilot: 5 Things To Know]

Exploring Microsoft’s Security Suite

Zac Paulson, product and strategy director at ABM Technology Group, a Fargo, N.D.-based Microsoft partner and member of CRN’s 2024 MSP 500, told CRN that his company has been rolling out Defender for Business, its first step into the Microsoft security stack.

As ABM further explores the Microsoft security suite, Paulson said he’d like to see more of Microsoft’s applications come with better security by default in the future.

“We use several other tools from other vendors now, but I could see that [Microsoft practice] expanding in the future as the Microsoft stack continues to grow and expand,” Paulson said.

Copilot For Security In Detail

Microsoft will make Copilot for Security available as a stand-alone portal and through a natively embedded experience in Entra, Defender, Intune, Purview and other existing Microsoft security products to give users options, according to the vendor.

The pricing model covers both experiences and is billed through a new security compute unit (SCU). Copilot users will leverage existing Azure subscriptions or sign up for one to provision Azure capacity to support Copilot workloads, according to Microsoft, which said it is still finalizing its Copilot for Security strategy.

Microsoft has positioned the Copilot for Security consumption model as a way for users to start small and experiment, ramping down usage during nighttime hours, for example, according to the vendor.

The vendor even has recommendations for how to measure ROI for Copilot for Security, including incidents worked per day with and without the Copilot, mean time to respond and average incident resolution time. Microsoft also provided a list of popular prompts for Copilot for Security, including “analyze the following script” and “show me the top 5 DLP alerts that I should prioritize today.”

In the run-up to Copilot for Security’s GA phase, Microsoft created a Security Partner Private Preview for MSSPs, including Accenture, BDO, Difenda and Maureen Data Systems.

Microsoft’s Copilot for Security is supposed to draw in data from Microsoft products and third-party ones with natural language guidance for increasing security teams’ efficiency.

The vendor positions the tool as amplifying security professionals’ skills, increasing their threat response time and reducing alert fatigue. More than 78 trillion security signals processed by Microsoft each day inform the Copilot tool.

Professionals can use Copilot to access, summarize and act on insight from the larger IT environment. Junior analysts can ask Copilot for Security questions to free up more time for senior analysts.

Copilot for Security users were 22 percent faster at common security tasks with an increase in accuracy of 7 percent, according to the vendor. Almost all users said they would use Copilot for Security again.

The tool’s GenAI capabilities can quickly put security alerts into concise, actionable summaries and detail the potential effects of security incidents on various systems and data to help prioritize response efforts, according to Microsoft.

With Copilot for Security, security teams no longer need to manually reverse-engineer malware, using GenAI to translate command line scripts into natural language with an explanation of what to do next, the company said. Copilot for Security will also guide users through triage, investigation, containment and remediation.

Copilot for Security comes with custom promptbooks for users to save natural language prompts for common workstreams and tasks and allows for prompting and responses in eight languages—including English, Spanish and Japanese—with the interface available in 25 languages.

The tool also has usage reporting dashboards, the ability to summarize Microsoft Entra logs and a connection to Microsoft Defender External Attack Surface Management (for improved insight.

Microsoft also noted a few products and features in preview related to Copilot for Security:

• Copilot in Intune aims to simplify root cause determination with device context, device configuration comparison and error code analysis.
• Knowledge base integrations can help users integrate business logic into Copilot for Security work.
• Copilot in Microsoft Entra user risk investigation can help prevent identity compromise and speed up threat response.

Microsoft also continues to grow the library of plugins for Copilot for Security, with ones available for Netskope, Tanium, Cyware and more.