Connect your org knowledge base (Preview)

Important

Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Using the Azure AI search plugin or file upload, you can bring in business context like your organization's security knowledge base into Microsoft Security Copilot so you can directly reference them in your session.

An organization's knowledge base might include the repository of an organization's proprietary information, like: wikis, policy and compliance documents, investigation and response procedures templates, historical data, KQL (Kusto Query Language) libraries, or even information from public repositories like Microsoft Learn documentation, prescriptive guidelines, and frameworks.

Integrating integrate this wealth of knowledge into Copilot allows Copilot to reason over the knowledge base or documents and generate responses that are more relevant, specific, and customized to your operational need.

Options for connecting a knowledge base

There are two ways to integrate a knowledge base into Copilot:

  1. Azure AI Search plugin – set up the Azure AI Search plugin to connect to an Azure AI Search index containing your organization's knowledge base. Follow the steps in Prompting for a knowledge base connected using Azure AI Search.

  2. File upload – upload your files and get Copilot to reason over them. Follow the steps in Prompting for a knowledge base uploaded as a file.

To connect a knowledge base using this method, follow the steps in Azure AI Search.

Once connected, prompt Copilot to look for information related to the knowledge base you uploaded. Make sure to mention "Azure AI Search" in the prompt. For example:

  • New staff can ask Copilot about the organization’s processes within their Copilot workflows. This can speed up the onboarding process.

    Sample prompt: Summarize my organization’s multifactor authentication policies in Azure AI Search.

  • While performing an incident investigation, SOC analysts can ask Copilot for investigation steps from their organization’s processes and procedures.

    Sample prompt: Search my Azure AI Search index for investigation steps that I should follow for this incident involving multiple failed sign-in attempts by a user.

The Azure AI Search plugin performs a semantic and keyword search across the index's contents to find the relevant information so it's advisable to be as specific as you can in prompting. For more on the elements of an effective prompt and other prompting tips, read Create effective prompts.

Prompting for an uploaded file

To upload a file, follow the steps in Add a source by uploading a file.

You can use this option to directly add text documents as a source that Copilot can refer to when responding to a prompt that references it.

In the prompt bar, you need to mention "uploaded files" if you want Copilot to reason over your available files. You can also include the file name if you would like to guide Copilot to reason over a specific file. For example:

  • You can ask Copilot to check a user account's actions against your organization's data handling policies to find out if any violations were committed.

    Sample prompt: Based on the Contoso Data Handling Policy file, list any actions taken by user Preston-123 that might be a violation of the data handling policies. Include a verdict to the action and level of confidence of the verdict. Cite the policy name and section applicable to the verdict.

Known limitations

For both the Azure AI Search plugin and file upload methods of connecting knowledge bases:

  • Copilot reasons over text content only, not other data or media types.
  • Searches over structured content like tables aren't well-supported yet.

See also