Security Copilot Features in Defender XDR

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes... more

Tasks that Security Copilot helps Microsoft Defender XDR admins with include:

Summarizing security incidents

Summarizing device information

Analyzing scripts and code

Analyzing files

Generating Kusto Query Language (KQL) queries to search logged data

Providing guided incident responses

Creating incident reports.

Summarizing Security Incidents

To help analysts quickly determine what occurred during a security incident, Microsoft Defender XDR summarizes the components involved. This information could include related user accounts, devices, and e-mail addresses. Security Copilot adds a descriptive text summary to this information, helping analysts quickly understand the scope and type of an attack, such as phishing. (See the illustration “Security Copilot Incident Summarization.”)

As is the case with all Security Copilot features available in Microsoft Defender XDR, the summary is marked “AI generated” to help administrators and analysts understand that it was created by the system and not summarized by an administrator or Microsoft.

Atlas Members have full access

Get access to this and thousands of other unbiased analyses, roadmaps, decision kits, infographics, reference guides, and more, all included with membership. Comprehensive access to the most in-depth and unbiased expertise for Microsoft enterprise decision-making is waiting.

Membership Options

Already have an account? Login Now