Back in 2023, Microsoft decided to ride the trend of AI copilot and launched Security Copilot. As can be expected, the service utilized large language models (LLMs) to generate security alerts. That said, Security Copilot has evolved quite a bit since then, and has also been integrated with Microsoft Defender XDR. Now, Microsoft is ready to take this tool a step further and make it accessible through its Entra platform.
In a highly detailed blog post, the Redmond tech firm has announced that Security Copilot in Entra has finally exited public preview and can be freely utilized by all IT admins. The idea behind the service is that it will work in tandem with Entra products to investigate and monitor security incidents through natural language queries submitted by customers.
Microsoft has outlined four areas in which Security Copilot in Entra can help admins:
- Identity insights and investigation
- Users: Understand permissions, roles, sign-ins, and more
- Groups: Same as above, but for groups
- Sign-in logs: Analyze abnormal, failed, and suspicious logins
- Audit logs: Investigate who made changes to Entra policies, configurations, and identities
- Lifecycle workflows: Manage workflows for onboarding and offboarding, and flag issues
- Risky users: Identify risky users and remediation priorities
- Access governance and review
- Access reviews: Summarized recommendations to reduce excessive permissions
- Entitlement management: Review access package configurations
- Entra ID RBAC: Identify roles with excessive privileges
- App and resource protection
- App risk: Identify risky app behaviors, integrations, and misconfigurations
- Microsoft Entra recommendations: Exactly what it says on the tin
- License utilization: Analysis of licenses to optimize costs across active identities
- Monitoring and posture management
- Alerts in scenario health monitoring: Detect risks related to misconfigurations
- SLA in scenario health monitoring: Identify performance and reliability issues in critical workflows
- Tenants: Identify risks related to tenants, cross-tenant access, and trust relationships
- Domain health: Review exposure risks for domain and its overall health
- MFA authentication methods: Audit usage of MFA and enforce MFA methods that are phishing-resistant
Microsoft has also made Security Copilot smarter so that it understands your natural language query better, even when it is relatively complex. It will also provide clearer answers, which the Redmond tech firm says are significantly upgraded from what was available during public preview. However, Microsoft has emphasized that its work is not done yet and it will be working on improving Security Copilot so that it can handle other scenarios too. You can find out more details about those plans and the Conditional Access Optimization Agent in Microsoft Entra in the dedicated blog post here.