Configure Copilot settings with the owner role

Give administrators the ability to manage the data and custom plugin use in Security Copilot.

Prerequisites

You need the Security Copilot owner role to manage owner settings.

For more information, see Understand authentication in Microsoft Security Copilot.

Manage owner options

Here are the configuration options available to users with the Copilot owner role:

Screenshot of owner menu options.

Owner settings

Manage the usage and data privacy for Copilot in this menu section.

Screenshot of configuration options in owner settings.

Capacity management

Manage capacity association and geo location evaluation options. Keep in mind, purchasing new security capacity units (SCUs), changing capacity, or associating with a different capacity all require Azure Owner or Contributor access to the capacity resource in the Azure portal.

Screenshot showing capacity association configuration menu.
Figure shows owner setting for associating SCUs.

For more information on purchasing SCUs, see Provision capacity.

Manage logging audit data in Microsoft Purview

Manage logging audit data by configuring whether to allow Microsoft Purview to access, process, copy, and store Customer data.

Security Copilot uses Microsoft Purview to process and store data such as admin actions, user actions, and system responses.

In most scenarios, logs are available within 24 hours in Microsoft Purview after enabling the capability.

Important

Microsoft Purview will store your Customer Data in the region where your Microsoft 365 data is stored. For more information, see, Privacy and data security. The default retention period for audit logs is 180 days, but can be extended using audit log retention policies. For more information, see Manage audit log retention policies.

If you already use Microsoft Purview, no further set up is needed. Otherwise, you'll need to provision a free, limited experience. For more information, see Turn auditing on or off.

For more information, see Audit logging.

Plugin settings

Manage all plugin restrictions for your organization.

Screenshot of plugin settings.

Manage custom plugins

The following custom plugin options are configurable:

  • control whether contributors can add custom plugins for their sessions
  • control whether contributors can publish custom plugins for everyone in the organization

For more information, see Manage plugins.

Manage preinstalled plugins

By default, all Owners and Contributors have access to preinstalled Microsoft and Non-Microsoft plugins. When an owner toggles plugin availability and restricts access, there are two options for plugin availability:

  • all users
  • owners only

Once access is restricted, new preinstalled plugins are made available to Owners only until configured otherwise.

Warning

This is an immediate change impacting all users of Security Copilot and embedded experiences. Please exercise caution and notify users prior to impact.

Restricted plugins affect embedded experiences. Consider the example where an analyst has access to Security Copilot and Microsoft Defender XDR, but the plugins for Microsoft Defender XDR and Natural Language to KQL are restricted. The analyst experience for Copilot in Defender looks like this:

Screenshot showing Copilot in Defender embedded experience when the plugin is restricted.

Preinstalled plugins, like Microsoft Sentinel and Azure AI Search, require more setup. Any plugin with the gear or Set up button is configured per user. All users who have access to the plugin configure that plugin's setup for themselves.

Manage accessing data from Microsoft 365 services

Allow users to query information from Microsoft 365 services that your organization has licensed. For more information, see Accessing data from Microsoft 365 services.

For more information on authentication in Security Copilot, see Understand authentication in Microsoft Security Copilot.