Microsoft Security Copilot experiences

Security Copilot offers an immersive standalone experience and intuitive embedded experiences that are available in other Microsoft security products.

Standalone and embedded experiences

Standalone experience
Security Copilot, accessed through https://securitycopilot.microsoft.com, is considered the standalone experience.

Embedded experience
Security Copilot capabilities accessed from within other Microsoft security products are considered embedded experiences.

Important

Guidance on specific embedded experiences can be found in the documentation library of the corresponding service. For example, if you access a Microsoft Defender XDR embedded experience, then the corresponding documentation for that Security Copilot experience can be found in the Microsoft Defender XDR documentation. This ensures that you receive service-specific guidance wherever you access Security Copilot.

A feature common to all embedded experiences is the ability to hide or show the Copilot sidecar. The panel state persists per Copilot embedded experience, so each user's choice is remembered. The embedded Copilot functionality remains the same whether the panel is hidden or not, so closing the panel doesn't affect SCU consumption.

For example, to hide Copilot in the Microsoft Defender XDR embedded experience, select the X. The incident summary continues to generate in the background.

Screenshot showing Copilot panel in embedded experience of Microsoft Defender XDR.

To make the panel visible again, select the Copilot button.

Embedded experiences

The following list shows the available embedded experiences for each product.

Azure Firewall
- Enrich the threat profile of an IDPS signature beyond log information
- Generate recommendations to secure your environment using Azure Firewall's IDPS feature
- Look for a given IDPS signature across your tenant, subscription, or resource group
- Retrieve the top IDPS signature hits for an Azure Firewall

Microsoft Defender for Cloud
- Analyze recommendations
- Delegate recommendations
- Remediate code
- Remediate recommendations
- Summarize recommendations

Microsoft Defender Threat Intelligence
- Using Security Copilot for threat intelligence

Microsoft Defender XDR
- Analyze files
- Analyze scripts and codes
- Create incident reports
- Generate KQL queries for hunting
- Summarize device information
- Summarize incidents
- Summarize identities
- Use guided response

Microsoft Entra
- Investigate risky users

Microsoft Intune
- Device query
- Policy and setting management
- Use Microsoft Copilot in Intune to troubleshoot devices

Microsoft Purview
- Investigate a Microsoft Purview Data Loss Prevention alert
- Investigate insider risk management activities
- Summarize Communication Compliance messages by using Security Copilot
- Summarize an eDiscovery message by using Security Copilot