Security Operations

Microsoft Security Copilot

Generative AI assistant for security and IT teams that works across Microsoft Defender, Sentinel, Entra, and Intune to speed up investigation and response.

What it does

Microsoft Security Copilot is a generative AI assistant for security and IT operations, generally available since 2024. It works in two ways: a standalone portal where analysts investigate using prompts and reusable promptbooks, and embedded experiences inside Microsoft Defender, Sentinel, Entra, Intune, and Purview.

Typical uses include summarizing incidents, generating KQL queries from plain language, analyzing suspicious scripts, and drafting guided response steps. It draws on Microsoft’s threat intelligence and connects to Microsoft and third-party tools through a plugin model.

Pricing is consumption-based through Security Compute Units, which offers flexibility but requires monitoring usage. The product makes the most sense for organizations already invested in the Microsoft security stack.

Key features

  • Incident summarization and guided response in Defender XDR
  • Natural language to KQL query generation for hunting
  • Script and malware analysis
  • Embedded experiences across Defender, Sentinel, Entra, Intune, and Purview
  • Standalone portal with reusable promptbooks
  • Plugin model for Microsoft and third-party data sources

What teams use it for

The concrete work teams hand to Microsoft Security Copilot.

  1. Incident summarization and investigation in Defender XDR
  2. Generating KQL hunting queries from plain language
  3. Analyzing suspicious scripts and files
  4. Investigating identity risk in Entra
  5. Drafting post-incident reports

Where it fits

Good fit if

Your security and IT teams run primarily on Microsoft Defender, Sentinel, and Entra, and you want AI assistance built into those consoles.

Limitations

Less suited to security teams with little Microsoft footprint, since the value depends heavily on Defender, Sentinel, and Entra data, and to teams that need fixed, predictable licensing costs.

Pricing

Consumption-based pricing billed through Security Compute Units.

Common integrations

  • Microsoft Defender XDR
  • Microsoft Sentinel
  • Microsoft Entra
  • Microsoft Intune
  • Microsoft Purview
  • Third-party plugins

Categories and tags

  • Industries: Cross-industry
  • Use cases: Alert triage, Incident response, Threat hunting
  • Capabilities: Conversational AI, Generative AI & LLMs
  • Buyer roles: IT & security
  • Company size: Enterprise, Mid-market

Alternatives to Microsoft Security Copilot

Other products in Security Operations, ordered by how well they fit the category.

CrowdStrike Charlotte AI

by CrowdStrike

Generative AI security analyst inside the CrowdStrike Falcon platform that answers questions, triages detections, and speeds up investigations.

Darktrace

by Darktrace

Self-learning AI security platform that models normal behavior across network, cloud, email, identity, and OT to detect and contain threats.

PagerDuty AIOps

by PagerDuty

Event intelligence layer in the PagerDuty Operations Cloud that cuts alert noise, correlates events, and automates incident triage and remediation.

This profile was compiled from public sources with AI assistance and reviewed by a BetterBuys editor. Last verified on June 10, 2026.
