Updated: May 24, 2025 (April 22, 2024)

Security Copilot Features in Defender XDR

By Wes Miller

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes...

Tasks that Security Copilot helps Microsoft Defender XDR admins with include:

  • Summarizing security incidents
  • Summarizing device information
  • Analyzing scripts and code
  • Analyzing files
  • Generating Kusto Query Language (KQL) queries to search logged data
  • Providing guided incident responses
  • Creating incident reports

Summarizing Security Incidents

To help analysts quickly determine what occurred during a security incident, Microsoft Defender XDR summarizes the components involved. This information could include related user accounts, devices, and e-mail addresses. Security Copilot adds a descriptive text summary to this information, helping analysts quickly understand the scope and type of an attack, such as phishing. (See the illustration “Security Copilot Incident Summarization.”)

As is the case with all Security Copilot features available in Microsoft Defender XDR, the summary is marked “AI generated” to help administrators and analysts understand that it was created by the system and not summarized by an administrator or Microsoft.
