Microsoft Entra’s Security Copilot Now Accessible to All IT Administrators

Microsoft Unveils Security Copilot for Entra: A Major Step Forward

In 2023, Microsoft capitalized on the surging interest in AI with the introduction of its innovative tool, Security Copilot. Leveraging large language models (LLMs), this service was designed to generate real-time security alerts. Since its initial launch, Security Copilot has undergone significant advancements, notably its integration with Microsoft Defender Extended Detection and Response (XDR).Now, Microsoft is poised to enhance its offerings even further by making Security Copilot accessible via its Entra platform.

Public Launch of Security Copilot in Entra

In a comprehensive announcement on its official blog, Microsoft revealed that Security Copilot has transitioned out of public preview. This means that all IT administrators can now utilize the service without any barrier. The primary objective of this tool is to streamline the investigation and monitoring of security incidents by allowing users to submit queries in natural language connected to the Entra suite of products.

Key Functions of Security Copilot in Entra

Microsoft has delineated four critical areas where Security Copilot can prove invaluable for administrators:

Identity Insights and Investigation
- Users: Gain insights into permissions, roles, sign-in activities, and more.
- Groups: Analyze permissions and activities pertaining to groups.
- Sign-in Logs: Scrutinize patterns in abnormal, failed, and suspicious logins.
- Audit Logs: Investigate changes to Entra policies, configurations, and user identities.
- Lifecycle Workflows: Efficiently manage onboarding and offboarding processes while flagging potential issues.
- Risky Users: Pinpoint high-risk users and prioritize necessary remediation efforts.
Access Governance and Review
- Access Reviews: Access summaries aimed at mitigating excessive permissions.
- Entitlement Management: Analyze configurations of access packages.
- Entra ID RBAC: Detect roles that possess excessive privileges and manage them effectively.
Application and Resource Protection
- App Risk: Identify risks associated with applications, including behaviors and integrations.
- Microsoft Entra Recommendations: A tailored set of enhancements based on analytics.
- License Utilization: Analyze licensing across active identities to optimize expenses.
Monitoring and Posture Management
- Alerts for Scenario Health Monitoring: Monitor misconfigurations and alert administrators to potential risks.
- SLA Monitoring: Detect performance and reliability concerns within crucial workflows.
- Tenant Risk Assessment: Identify risks associated with tenant security and cross-tenant access.
- Domain Health: Evaluate risks to domain exposure and overall security posture.
- MFA Authentication Methods: Conduct audits on multi-factor authentication use and enforce phishing-resistant methods.

Enhancements to Natural Language Processing

Microsoft has also improved the capacity of Security Copilot to comprehend complex natural language queries, significantly upgrading its ability to provide clearer and more accurate responses compared to its public preview version. However, the company acknowledges that there is still work to be done. Plans are in place to enhance Security Copilot’s capabilities to address additional scenarios in the future. More information on these developments, including the Conditional Access Optimization Agent, can be found in the dedicated blog post here.

Source & Images