Updated: May 24, 2025 (April 22, 2024)
Sidebar: Security Copilot Features in Defender XDR
Tasks that Security Copilot helps Microsoft Defender XDR admins with include:
- Summarizing security incidents
- Summarizing device information
- Analyzing scripts and code
- Analyzing files
- Generating Kusto Query Language (KQL) queries to search logged data
- Providing guided incident responses
- Creating incident reports.
Summarizing Security Incidents
To help analysts quickly determine what occurred during a security incident, Microsoft Defender XDR summarizes the components involved. This information could include related user accounts, devices, and e-mail addresses. Security Copilot adds a descriptive text summary to this information, helping analysts quickly understand the scope and type of an attack, such as phishing. (See the illustration “Security Copilot Incident Summarization.”)
As is the case with all Security Copilot features available in Microsoft Defender XDR, the summary is marked “AI generated” to help administrators and analysts understand that it was created by the system and not summarized by an administrator or Microsoft.