Introduction
Microsoft Security Copilot is accessible directly from some Microsoft security products. This solution is referred to as the embedded experience. Currently, Copilot is embedded with Microsoft Defender XDR and Microsoft Purview, with more Microsoft security solutions embedding Copilot capabilities in the near term.
The Microsoft solution in which the Copilot capabilities are embedded determines the scenarios that are available through the embedded experiences. For example, in Microsoft Purview Communication Compliance, Copilot can provide a summary of a message and its attachments, in the context of the policy and classifier conditions that flagged the message.
In the standalone experience, Copilot does some processing to determine which of its many capabilities is best suited to respond to your prompt. In the embedded experience, because Copilot is available in the specific product, Copilot is able to invoke the product-specific capabilities directly, which makes processing more efficient.
The embedded experience is also a great place to start a security investigation. For example, as an analyst using Microsoft Defender XDR, you're likely to spend a good amount of time on the incidents page. From the incident page, you can select an alert and immediately get a summary of that incident. Depending on what you learn, you might determine that a deeper investigation is needed. In this scenario, you can easily transition to the standalone experience to pursue a more detailed, cross-product investigation that brings to bear all the Copilot capabilities enabled for your role.
In this module, you learn about the scenarios supported by the embedded experiences of Microsoft Security Copilot.
After completing this module, you'll be able to:
- Describe Copilot in Microsoft Defender XDR.
- Describe Copilot in Microsoft Purview.
- Describe Copilot in Microsoft Entra.
- Describe Copilot in Microsoft Intune.
- Describe Copilot in Microsoft Defender for Cloud.