Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Microsoft Security Copilot agents automate repetitive tasks and reduce manual workloads. They enhance security and IT operations across cloud, data security and privacy, identity, and network security. These agents handle high-volume, time-consuming tasks by pairing data and code with an AI language model. They respond to user requests and system events, helping teams work more efficiently and focus on higher-impact tasks.
Agents fit naturally into existing workflows. You don't need special training or other licensing to use them. Agents utilize SCUs to operate just like other features in the product. They integrate seamlessly with Microsoft Security solutions and the broader supported partner ecosystem. Agents learn based on feedback and keep you in control on the actions it takes. They handle resource-intensive tasks like threat intelligence briefings, and Conditional Access optimization. With Microsoft Security Copilot agents, you can scale up your teams, people, and processes.
Microsoft Security Copilot agents offer significant benefits for security teams and IT operations by automating routine tasks and freeing up valuable time for teams to concentrate on strategic initiatives and complex problem-solving. This leads to improved operational efficiency, enhanced security and giving teams the ability to respond more swiftly to emerging threats. With Security Copilot agents, organizations can achieve greater scalability and resilience in their security and IT processes.
Discover agents
You can easily discover Microsoft Security Copilot agents from both the standalone and embedded experiences. From the standalone experience, you can select Go to agents from the banner.
You can also navigate to the agent library from the home menu. Once you select Agents, the agent library is displayed. Browse through the library to peruse the various agents.
There are Microsoft agents and partner agents available for you to choose from. Depending on your role, you can either set them up or access the agent to run it. This intuitive access ensures that you can quickly integrate agents into your workflows.
In the embedded experiences, you'll see agents within the portal and can explore their capabilities.
Microsoft agents
The following Microsoft agents are available:
- Conditional Access Optimization Agent in Microsoft Entra - Embedded experience
Monitors for new users or apps not covered by existing policies, identifies necessary updates to close security gaps, and recommends quick fixes for identity teams to apply with a single click. - Phishing Triage Agent in Microsoft Defender
Designed to scale security teams' response in triaging and classifying user-submitted phishing incidents, allowing organizations to improve their efficiency by reducing manual effort and streamlining their phishing response. - Threat Intelligence Briefing Agent in Security Copilot - Standalone experience
Automatically curates relevant and timely threat intelligence based on an organization's unique attributes and threat exposure. - Vulnerability Remediation Agent in Microsoft Intune
Identify top vulnerabilities, understand their impact, and get step-by-step remediation guidance to fix vulnerabilities using Intune capabilities. - Security Copilot Agents in Microsoft Purview Overview (preview)
Partner agents
The following partner agents from our partners are available in Security Copilot:
- Network Supervisor Agent by Aviatrix
Performs root cause analysis and summarizes issues related to VPN, gateway, or Site2Cloud connection outages and failures. - SecOps Tooling Agent by BlueVoyant
Assesses a security operations center (SOC) and state of controls to make recommendations that help optimize security operations and improve controls, efficacy, and compliance. - Task Optimizer Agent by Fletch
Helps organizations forecast and prioritize the most critical threat alerts to reduce alert fatigue and improve security. - Privacy Breach Response Agent by OneTrust
Analyzes data breaches to generate guidance for the privacy team on how to meet regulatory requirements.