Microsoft Security Copilot agents are AI-powered processes that are designed to help you with specific role-based tasks. Microsoft Purview offers two agents in preview, a Microsoft Purview Data Loss Prevention (DLP) triage agent and a Microsoft Purview Insider Risk Management triage agent. These agents provide an agent-managed alert queue in which the alerts about the highest-risk activities are identified and prioritized. The agents analyze the content and potential intent involved in the activity based on the organization's chosen parameters and level of risk tolerance. The agents offer a comprehensive explanation of the logic behind the categorization.
Agents are available in the Microsoft Purview embedded experiences. For more information, see embedded experiences.
Triaging and assigning a priority to alerts can be complex and time-consuming. When you have agents triage and prioritize alerts according to the parameters that you set, the amount of time required to complete the task is reduced. Agents help you focus on the most important alerts by sifting them out from the noise of lower-risk alerts. This improves your response time and helps increase the efficiency and effectiveness of your team.
For information on deploying, configuring, and using the agents, see Get started with the Microsoft Purview Agents.
Before you begin
If you're new to Security Copilot or Security Copilot agents, you should familiarize yourself with the information in these articles:
- Microsoft Security Copilot agents overview
- What is Microsoft Security Copilot?
- Microsoft Security Copilot experiences
- Get started with Microsoft Security Copilot
- Understand authentication in Microsoft Security Copilot
- Prompting in Microsoft Security Copilot
- Configure Owner settings
Security Copilot agent concepts
The Microsoft Purview Triage Agents run on Security Compute Units (SCUs). Your organization must have SCUs provisioned for the agents to run. For more information, see SKU/subscriptions licensing.
Triggers
Triggers are groupings of parameters whose values must be met in order for the agent to triage any given alert. Triggers include:
- Timeframe: You can define the time scope in which alerts must have been generated for the agent to triage them. See Select alert timeframe.
- Policies: You can configure the agent to triage alerts only from the policies you select. See Setup agents.
Important
Agents aren't administrative unit-aware. However, if the agent runs in the context of an admin who is restricted to an administrative unit, and there are policies scoped to that administrative unit, the agent only sees alerts from the policies scoped to that admin's administrative unit.
Run automatically or manually
When you deploy an agent, and when you edit triggers, you can select whether the agent runs automatically on a set schedule (Run automatically based on a set schedule) or manually on one alert at a time (Agent will run manually on one alert at a time). If you select Run automatically based on a set schedule, the agent triages the alerts that are included in the Select alert timeframe setting.
Select alert timeframe
When you deploy an agent, and when you edit an agent’s triggers, you can pick the timeframe that the agent will use to scope which alerts to triage. The options are:
- Only triage new alerts
- Last 24 hours
- Last 48 hours
- Last 72 hours
- Last 7 days
- Last 14 days
- Last 21 days
- Last 30 days
If you select Only triage new alerts, the agent only triages alerts that are generated after the agent is deployed. The agent won't triage any alerts that were generated before the agent was deployed, so all of the Last # hours or days options are ignored.
If you select any of the Last # hours or days options, the agent triages alerts that were generated in the selected timeframe. This lets you triage the alerts that were generated before the agent was deployed. All newly generated alerts are also triaged.
Important
The timeframe scope for alerts to be triaged is anchored to the moment of successful agent enablement; the clock starts when the agent is enabled. So Last number of hours or days refers to the period before agent deployment. This is not a rolling timeframe.
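Because the anchoring behavior is easy to get wrong, here is an added example (not Microsoft's code, and not how the agent is implemented internally) that models the documented trigger scoping: the policy filter from the Triggers section and the enablement-anchored timeframe from this section. The Trigger and Alert classes, the policy names, and the dates are assumed for illustration only. The rolling_in_scope function implements the interpretation the note warns against, purely so you can see where the two readings disagree for a backlog alert evaluated some days after enablement.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Timeframe options as they appear in the agent's trigger settings,
# mapped to the lookback (in hours) before the enablement moment.
TIMEFRAME_HOURS = {
    "Only triage new alerts": 0,
    "Last 24 hours": 24,
    "Last 48 hours": 48,
    "Last 72 hours": 72,
    "Last 7 days": 7 * 24,
    "Last 14 days": 14 * 24,
    "Last 21 days": 21 * 24,
    "Last 30 days": 30 * 24,
}


@dataclass(frozen=True)
class Trigger:
    """Hypothetical model of an agent trigger (assumed, not a Purview type)."""
    enabled_at: datetime   # moment of successful agent enablement: the anchor
    timeframe: str         # one of the TIMEFRAME_HOURS keys
    policies: frozenset    # names of the policies the agent was scoped to


@dataclass(frozen=True)
class Alert:
    """Hypothetical alert record (assumed); only the fields the scoping needs."""
    alert_id: str
    policy: str
    generated_at: datetime


def scope_start(trigger: Trigger) -> datetime:
    """Earliest alert generation time the agent considers.

    Anchored to enablement, not to 'now': the window is fixed once the
    agent is enabled and never slides forward.
    """
    return trigger.enabled_at - timedelta(hours=TIMEFRAME_HOURS[trigger.timeframe])


def in_scope(trigger: Trigger, alert: Alert) -> bool:
    """Documented behavior: the alert's policy must be selected and the alert
    must be generated at or after the anchored scope start. Alerts generated
    after enablement are always triaged, so there is no upper bound."""
    if alert.policy not in trigger.policies:
        return False
    return alert.generated_at >= scope_start(trigger)


def rolling_in_scope(trigger: Trigger, alert: Alert, now: datetime) -> bool:
    """The rolling reading the note warns against. NOT what the agent does;
    included only to show where it diverges from the anchored window."""
    if alert.policy not in trigger.policies:
        return False
    hours = TIMEFRAME_HOURS[trigger.timeframe]
    if hours == 0:
        return alert.generated_at >= trigger.enabled_at
    return alert.generated_at >= now - timedelta(hours=hours)


def demo() -> dict:
    """Constructed sample data: an agent enabled on 2025-01-10 with 'Last 7 days'
    and one selected policy, re-evaluated 10 days after enablement."""
    enabled = datetime(2025, 1, 10, tzinfo=timezone.utc)
    later = enabled + timedelta(days=10)
    selected = frozenset({"DLP-Finance-Exfil"})
    seven_days = Trigger(enabled, "Last 7 days", selected)
    new_only = Trigger(enabled, "Only triage new alerts", selected)

    backlog = Alert("a1", "DLP-Finance-Exfil", enabled - timedelta(days=5))  # pre-enablement
    too_old = Alert("a2", "DLP-Finance-Exfil", enabled - timedelta(days=8))  # outside 7 days
    fresh = Alert("a3", "DLP-Finance-Exfil", enabled + timedelta(days=9))    # post-enablement
    unselected = Alert("a4", "DLP-HR-Drafts", enabled + timedelta(days=1))   # policy not chosen

    return {
        "backlog_anchored": in_scope(seven_days, backlog),                      # True
        "backlog_rolling_10d_later": rolling_in_scope(seven_days, backlog, later),  # False
        "too_old": in_scope(seven_days, too_old),                               # False
        "fresh": in_scope(seven_days, fresh),                                   # True
        "unselected_policy": in_scope(seven_days, unselected),                  # False
        "backlog_new_only": in_scope(new_only, backlog),                        # False
        "fresh_new_only": in_scope(new_only, fresh),                            # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The backlog alert is the instructive case: under the documented anchored window it stays in scope indefinitely, whereas a rolling 7-day window evaluated 10 days later would silently drop it. If you want older alerts triaged after the fact, the setting to change is the timeframe on the trigger, not the schedule.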
Security context
Agents run in the security context of the user who last configured them. The security context must be renewed every 90 days. The agent stops running if that user is removed or deleted from the tenant, or if the user account is disabled.
Triaged alerts
The agent triages alerts based on the trigger configuration: alerts that were generated in the timeframe you selected and that come from the policies you selected. Not all alerts are triaged. For more information, see Setup agents.
Triaged alerts are grouped into four categories:
All: This category includes all the alerts that the agent has triaged. The count shown for the category may not reflect the true number of alerts until you open that view and scroll down to load all the alerts. If the conditions that caused the alert to be raised in the first place have changed, or if the alert hasn't been triaged yet, you can select the alert and then select Run agent to run the agent manually on that alert.
Needs attention: These are the alerts that the agent has reasoned over and determined that they pose the greatest risk to your organization. When you select one of these alerts, the details flyout opens to show a summary of the alert and other details.
Less Urgent: These are the alerts that the agent has reasoned over and determined that they pose a lower risk to your organization. When you select one of these alerts, the details flyout opens to show a summary of the alert and other details.
Not categorized: These are the alerts that the agent wasn't able to triage successfully. This can happen for a number of reasons, including:
- Server error
- In process of reviewing
- Other error
- Unsupported error, for alerts that contain activities the agent doesn't support
For more information on why an alert may not be triaged, see Known limitations.
How agents prioritize
The DLP alert triage agent prioritizes alerts based on:
- the sensitivity of the content risk
- the exfiltration risk
- the policy risk
The insider risk management alert triage agent prioritizes alerts based on:
- user risk
- file risk
- activity risk
Known limitations
Alert Triage
- Agents are able to review alerts that were generated up to 30 days prior to the enablement of the agent if the tenant has sufficient SCUs. Alerts generated more than 30 days ago are out of scope.
- In DLP, the agent can only triage alerts from Exchange, Devices, SharePoint, OneDrive, and Teams.
- In DLP, the agent won't be able to triage alerts from Devices if:
- Evidence collection for file activities on devices isn't enabled for the tenant.
- Evidence collection isn't enabled in the rule configuration.
- In DLP, the agent can't triage alerts that are triggered only by conditions it can't evaluate:
- Alerts triggered only by non-SIT, non-trainable-classifier policy conditions, such as Email subject match.
- Alerts triggered only by custom SITs or custom trainable classifiers.
- In DLP, the agent prioritizes alerts mostly on content risk, but the following risk factors are also considered:
- Content risk: sensitive content based on Microsoft-provided SITs, trainable classifiers, and default sensitivity labels.
- Exfiltration risk: exfiltration of sensitive data shared externally.
- Policy risk: the policy mode and rules with actions affect the prioritization of alerts.
- Content risk: a sensitivity label was removed or downgraded.
- Exfiltration risk: exfiltration of sensitive data to an unapproved ___domain. For more information, see Configure endpoint data loss prevention settings.
- In DLP, the agent won't support triaging simulation mode alerts.
- In insider risk management, the agent doesn't support pseudonymization. If your tenant has the pseudonymization setting turned on, the agent still functions normally and generates outputs, but usernames mentioned in those outputs aren't pseudonymized and are visible to the users triaging the alert. Existing insider risk management pages still honor pseudonymization and aren't affected.
- In insider risk management, the agent doesn't support triaging alerts generated only from non-file-related indicators such as:
- Device indicators
- Purview Data Loss Prevention indicators
- Microsoft Defender for Endpoint indicators
- Risky browsing indicators
- Physical access indicators
- Microsoft Defender for Cloud Apps indicators
- Health record access indicators
- Cloud storage indicators
- Cloud service indicators
- Generative AI apps (preview)
- Microsoft Fabric indicators
- Microsoft Teams indicators
- Communication Compliance indicators
- Microsoft Entra ID Protection indicators (preview)
- In insider risk management, the agent can't triage alerts that only contain email or endpoint file activities.
- In insider risk management, new activities populate in the alert for 30 days from when the alert is generated. In preview, the agent automatically reruns on alerts whose severity has increased because of new activities. For all other alerts, you can use the Run agent button to rerun the agent manually on an individual alert.
- In insider risk management, any alert that the agent evaluates again, whether because of a severity increase or a manual rerun, accounts for new files that were added to the alert after the agent's initial run. If the new files rank in the top 10, a new file risk summary is generated.
Note
You can, and should, manually analyze alerts that the agent can't fully evaluate.
Unsupported alerts
Here are some examples of situations where the agent can't triage the entire alert:
- Full file evidence for endpoint settings isn't enabled for the tenant.
- Evidence collection isn't enabled in the rule configuration.
- Alerts triggered only by non-SIT or non-trainable-classifier policy conditions, such as Email subject match.
- Alerts triggered by custom SITs or custom trainable classifiers only.
- An alert generated from an insider risk management policy that only looks at endpoint or email activities.
- An alert that only contains email or endpoint activities for insider risk management.
Partially triaged alerts
Here are some examples of situations where alerts may be partially triaged.
- The DLP rule contains some conditions that aren't supported, such as The user accessed a sensitive site from Edge.
- The DLP rule includes certain conditions, but the corresponding properties of the email or files couldn't be retrieved, such as Document couldn't be scanned.
- Insider risk management alerts containing a mix of SharePoint, email, and device activities have files from each ___location, but only the SharePoint file content can be analyzed during preview.
Content Analysis
Here are some examples of situations where content analysis may be limited.
- The content risk prioritization of alerts is based on Microsoft-provided SITs, trainable classifiers, and sensitivity labels in the content. Custom classifiers aren't supported.
- When the agent evaluates content risk, it looks only for the Microsoft-provided SITs and trainable classifiers that are defined in the policy; it doesn't look for Microsoft-provided SITs or trainable classifiers that the policy doesn't reference.
- For alerts with fewer than 10 files, the agent scans all files. For alerts with more than 10 files, the 10 potentially riskiest files are used to generate the file risk summary, with a note that not all files are part of the content summary.
- In DLP, the 10 potentially riskiest files are selected based on the count of policy classifier hits, file size, and last accessed time.
- In insider risk management, the 10 potentially riskiest files are selected based on:
- File Names, paths, extensions
- Microsoft provided SITs, trainable classifiers, and sensitivity labels.
- If the file is considered Priority Content from IRM policy configurations
- Risk score of activity associated with the file.
- File metadata, for example whether the content is hidden or carries a protected label.
- Custom instructions if present.
- The maximum file size the agent can triage is 2 MB.
- In insider risk management, the agent doesn't support Devices, Exchange, or Teams files for content analysis. The user risk and activity risk sections aren't affected by this limitation.