Copilot Developments from Microsoft Ignite 2023

What is Microsoft Security Copilot?

Microsoft Security Copilot is a generative AI-powered security solution that enhances the effectiveness of defenders by operating at high speeds and large scales. It focuses on improving security outcomes while upholding responsible AI principles.

Security Copilot offers a natural language interface, assisting security professionals in various tasks, including incident response, threat hunting, intelligence gathering, and posture management, while providing support in end-to-end security scenarios.

This solution uses OpenAI architecture for user prompt responses whilst utilising security-specific plugins for information and threat intelligence. These plugins enhance visibility, context, and extend functionalities.

Security Copilot is designed for integration with Microsoft Security products (Microsoft 365 Defender, Microsoft Sentinel, Microsoft Intune) and third-party services.

This is currently only available as part of an Early Access Program, with the primary focuses being:

• Incident Response

Security Copilot can:

Summarise incident information swiftly

Enhance details with context from data sources

Assess incident impact

Provide guidance and remediation suggestions to analysts

• Security Posture Management

Security Copilot provides:

Alerts about events exposing organisations to known threats

Analysts with prescriptive guidance on protection measures

• Security Reporting

Security Copilot can:

Create executive summaries and reports that cover security investigations, disclosed vulnerabilities, and threat actors/campaigns and are ready for sharing

How does Security Copilot work?

Microsoft Security Copilot is available as a standalone tool and within other Microsoft security products. It uses a foundation language model and Microsoft technologies to enhance defenders’ efficiency and security capabilities with the aim of improving security outcomes quickly and at scale.

As previously mentioned, Microsoft 365 Defender, Microsoft Sentinel, Microsoft Intune all integrate with Security Copilot.

Plugins in Security Copilot also extend and integrate services, providing additional context from event logs, alerts, incidents, and policies. These supported plugins come from both Microsoft security products and third-party solutions, such as ServiceNow.

Security Copilot also accesses threat intelligence and authoritative content through plugins. This includes searching across various sources, such as Microsoft Defender Threat Intelligence articles, intel profiles, threat analytics reports, and vulnerability disclosure publications.

Microsoft Security Copilot works by receiving user prompts from security products. It uses a process called grounding to refine and make the prompts more specific. This involves using plugins for pre-processing before sending the modified prompt to a language model. After getting the model’s response, Security Copilot further processes it, including accessing plugins for contextual information. Finally, it provides the response to the user for review and assessment. This iterative process helps produce contextually relevant results based on your organisation’s data.

Another interesting announcement from Microsoft Ignite 2023 comes in the form of:

Microsoft Copilot for Azure

This Ignite 2023 announcement – Copilot for Azure – is your new AI companion for managing cloud infrastructure and services. It combines large language models with the Azure Resource Model to provide comprehensive management and understanding of Azure resources.

Copilot for Azure is designed to help IT professionals design, operate, troubleshoot, and optimise their cloud environment. Breaking that down, Microsoft outlines each of these and their benefits:

• Design – Copilot for Azure can “create and configure the services needed while aligning with organizational policies”
• Operate – Copilot for Azure can “Answer questions, author complex commands, and manage resources”
• Troubleshoot – Copilot for Azure can “Orchestrate across Azure services for insights to summarize issues, identify causes, and suggest solutions”
• Optimize – Copilot for Azure can “Improve costs, scalability, and reliability through recommendations for your environment”

To make sure this tool is accessible as possible, Microsoft has made Copilot for Azure available in the Azure portal, with it being made accessible through the Azure mobile app and CLI in the future. It will offer features like learning Azure, understanding cloud environments, optimising cost and performance, metrics-based insights, CLI scripting, support and troubleshooting, and hybrid management.

Microsoft has designed Copilot for Azure with a focus on enterprise needs, AI principles, and data security and privacy. It is in preview, with continuous improvements and new capabilities being added based on user feedback.

Copilot is a tool that helps users navigate and utilise the various services and capabilities offered by modern cloud platforms like Azure. It provides tailored recommendations based on your specific workload needs and keeps you updated with the latest documentation. Copilot can also assist you by quickly directing you to the relevant portal sections to perform tasks. Additionally, it can answer questions related to resource management, such as sizing, resiliency, and solution trade-offs, in the context of your specific resources.

Copilot is a tool designed to help users quickly and easily answer questions and construct Kusto Query Language (KQL) queries in cloud environments, especially within Azure Resource Graph. It accelerates the process of gaining insights into Azure resources and their deployment environments, catering to users with varying levels of experience, from novices to experts. Copilot facilitates query generation and allows users to review, and fine-tune generated queries in the Azure Resource Graph Explorer within the Azure portal.

Copilot is a valuable tool for teams seeking insights into their cloud spending, cost optimization recommendations, and predictive “what-if" analyses. It assists in understanding invoice details, spending patterns, and suggests cost-saving measures. Copilot can help analyse, estimate, and optimise cloud costs by responding to queries about cost spikes or identifying subscriptions with high costs based on usage and billing data. It also integrates with AI algorithms in Application Insights Code Optimizations to detect and offer solutions for CPU and memory performance issues at a code level. Additionally, it helps discover and manage code recommendations for .NET applications.

Copilot helps users discover, visualize, and summarize metrics for Azure resources using Azure Monitor. It enables deeper exploration and provides anomaly detection to identify unexpected changes and offer recommendations. 

It assists with Azure CLI scripting, simplifying the management of Azure resources from the command line or in scripts. Copilot helps identify commands and their parameters, and it can generate scripts aligned with Azure best practices. 

Copilot offers troubleshooting insights generated from Azure documentation and built-in tools. It provides step-by-step guidance for issue resolution, links to relevant documentation, and the option to access assisted support if needed. It also recommends service-specific diagnostics and troubleshooting tools. 

Copilot supports managing complex IT estates, including workloads in data centres, operational edge environments, and multicloud setups through Azure Arc. It helps design, operate, optimize, and troubleshoot Azure Arc-enabled workloads, facilitating data transfer and observability back to Azure. 

Copilot is designed with enterprise needs in mind and adheres to responsible AI principles and standards. It ensures data security and privacy by inheriting an organization’s policies. It operates within the Azure framework and does not access tenant data without proper permissions and role-based access control.