Copilot for Security Partner Playbook

Uploaded by

daemonbehr
Global Partner Solutions

Copilot for Security


Partner Playbook

© Copyright Microsoft Corporation. All rights reserved.
Microsoft Partner Ready

Table of Contents

Solution Overview
• Introduction
• Solution Architecture and Advantages
• Prompt Engineering and Samples
• Value Proposition
• Roles and Use Cases
• Integration and Extensibility Details
• Data Privacy, Sovereignty and Compliance

Partner Strategic Insights
• Managed Services FAQs [Roadmap and Insights]
• Partner Opportunities and Solutions
• Partners Ecosystem

Partner Resources
• Copilot for Security Taxonomy – key terms & examples
• Branding & Pricing Guidelines
• Partner Readiness & Enablement
• Demo Guidelines and Resources
• Working with EAP Customers
• Learn more …

Solution Overview
Introduction

Microsoft Copilot for Security

A generative AI-powered security solution assistant for daily operations in security and IT that empowers teams to protect at the speed and scale of AI. It helps increase the efficiency and capabilities of SecOps and IT to improve security outcomes at machine speed and scale, while remaining compliant to responsible AI principles.

[Diagram labels: Machine learning, Threat intelligence, Product integrations, Data & telemetry, Product knowledge, Skills, Best practices]

Microsoft Copilot for Security: Elevate your SecOps & IT
• Enable response in minutes, not hours
• Simplify the complex with natural language prompts and easy reporting
• Catch what others miss with deeper understanding of events.
• Address talent shortage by augmenting human expertise


Microsoft Copilot for Security: Defending at machine speed

Catch what others miss
Summarize vast data signals into key insights to cut through the noise, detect cyberthreats before they cause harm, and reinforce your security posture.

Outpace adversaries
Put critical guidance and context at analysts and admins’ fingertips so they can respond in minutes instead of hours or days.

Incident response
Surface an ongoing incident, assess its scale, and get instructions to begin remediation based on proven tactics from real-world security incidents


Microsoft Copilot for Security: Impact and Efficiency

Security posture management
Discover whether your organization is susceptible to known vulnerabilities and exploits. Prioritize risks and address vulnerabilities with guided recommendations.

Security reporting
Summarize any event, incident, or threat in seconds and prepare the information in a ready-to-share, customizable report for your desired audience

Augment team expertise
Elevate teams’ proficiency as analysts and admins are empowered to perform more advanced capabilities so expert team members can be redirected to the hardest challenges.


The Microsoft Copilot for Security advantage
The most advanced AI-powered security solution assistant for daily operations in security and IT

Microsoft Copilot for Security
• Most advanced Open AI General models
• Microsoft Security
• Hyperscale AI infrastructure
• Security-specific orchestrator
• Evergreen threat intelligence
• Cyber skills and promptbooks

Third-party Apps & Services | Cloud platforms | Device OSs

Microsoft Defender | Microsoft Sentinel | Microsoft Entra | Microsoft Intune | Microsoft Purview | Microsoft Priva | Defender TI | Defender EASM

Architecture & Advantages
The Microsoft Copilot for Security advantage
Powered by Microsoft Threat Intelligence:
The industry’s largest vector coverage powered by 65T daily signals

One of the world’s largest clouds + Signal from 1.4B endpoints¹ across the planet + Graphing global internet infrastructure

1. “Microsoft by the Numbers”. Microsoft Story Labs


The Microsoft Copilot for Security advantage
Copilot stitches together information across all security products

[Diagram: Copilot for Security at the center, surrounded by Microsoft Plugins and Built-in, 3rd Party and Custom Plugins]
• Microsoft Solutions: Microsoft Sentinel, Microsoft Defender XDR, Microsoft Purview, Microsoft Threat Intelligence, Microsoft Priva, Defender EASM, Microsoft Entra, Microsoft Intune, Microsoft Security Experts
• 3rd Party Security Solutions: Endpoint Security, Network & Infrastructure Security, Security Ops & Incident Response, Cloud Security, Service Management, Mobile Security, CMDB, Data Security, Identity & Access, Managed SOC, Risk & compliance


How it works?

• User prompts from security products are sent to Copilot for Security.
• Copilot for Security then pre-processes the input prompt through an approach called grounding, which improves the specificity of the prompt, to help you get answers that are relevant and actionable to your prompt. Copilot for Security accesses plugins for pre-processing, then sends the modified prompt to the language model.
• Copilot for Security takes the response from the language model and post-processes it. This post-processing includes accessing plugins to gain contextualized information.
• Copilot for Security returns the response, where the user can review and assess the response.

Copilot Experiences

Copilot Experience Availability

[Table columns: Microsoft Security Solutions | Available in the standalone experience | Available as an embedded experience]
Solutions listed: Microsoft Defender XDR, Microsoft Sentinel*, Microsoft Intune, Microsoft Entra, Microsoft Purview

*Available as part of the unified security operations platform.

Rapid investigation and response
Investigate with AI-assisted insights and quickly pivot to remediation with actionable, prioritized recommendations

Scaled visibility
Quickly assess security posture, threats and policy or compliance gaps. Access summaries with context to understand the potential impacts.

Faster troubleshooting
Get deep understanding of device, user, access, and app status to resolve issues quickly. Find and remediate policy issues faster with natural language prompts.

Advanced skills unlocked
Script analysis and natural language to KQL and KeyQL empower any team member to complete complex tasks with confidence.


Architecture – data flow for Copilot for Security

[Diagram: Microsoft Security trust boundary]

Prompting in Microsoft Security solutions
• Embedded Experience: Microsoft Defender XDR, Microsoft Intune, Microsoft Sentinel (in Unified XDR Portal), Microsoft Purview, Microsoft Entra
• Standalone Experience: Microsoft Copilot for Security

Plugins for Microsoft and third-party security products
• Microsoft EASM, Microsoft 365 Defender, Microsoft Intune, Microsoft Purview, Microsoft Defender Threat Intelligence, Microsoft Sentinel, Azure AI Search, Microsoft Entra
• Your context and content: Event logs, alerts, incidents, & policies

Data flow (all requests are encrypted via HTTPS)
1 User prompts from security products are sent to Copilot
2 Copilot accesses plugins for pre-processing
3 Copilot sends modified prompt to LLM
4 Copilot receives LLM response
5 Copilot accesses plugins for post-processing
6 Copilot sends the response, and app command back to security products

Notes on the diagram
• Customer data is not stored outside the compliance boundary or used to train foundational models
• Azure OpenAI instance is maintained by Microsoft. OpenAI has no access to the data or the model
• Responsible AI checks are performed on input prompt and output results

Copilot for Security Extensibility

01 Skills
A skill is a specific capability that Copilot for Security can invoke to perform an action.

02 Plugin
Extend and integrate services to bring more context from event logs, alerts, incidents, policies and more

03 Promptbooks
A promptbook is like a playbook for a set of skills that can be invoked for a workflow.

04 Embedded experiences
Embed Copilot for Security UI into SaaS app/third-party admin portals.

05 Connectors
A wrapper around the API that allows the developers and users to call out to the Microsoft Security Copilot platform to perform specialized tasks.

Prompt Engineering and Samples
Prompt Engineering Benefits

• Improving the speed and efficiency of generative AI tasks, such as writing complex queries, summarizing data, and generating content.
• Enhancing the skills and confidence of generative AI users—especially novices—by providing guidance and feedback in natural language.
• Leveraging the power of foundation models, which are large language models built on transformer architecture and packed with information, to produce optimal outputs with few revisions.
• Helping mitigate biases, confusion, and errors in generative AI outputs by fine-tuning effective prompts.
• Helping bridge the gap between raw queries and meaningful AI-generated responses—and reduce the need for manual review and post-generation editing.


Example of simple prompts

“Summarize incident 15134 in Microsoft Defender into a paragraph that I can submit to my manager and create a list of entities involved.”

“Can you give me information about Pearl Sleet activity, including a list of known indicators of compromise and tools, tactics, and procedures (TTPs)?”

• Goal: What is the specific security-related information you need? Example: “Give me information about incident 18718…”
• Context: Why do you need it and how will you use the information? Example: “…for a report that I can submit to my manager.”
• Expectations: What format or audience do you want the response tailored to? Example: “Compile the information in a list, with a short summary.”
• Source: Is there a plugin, known info, or data source Copilot for Security should use? Example: “Look in Defender incidents.”

More prompting tips


Example of simple prompts (cont.)

How can I improve my security posture?

Are any of my machines affected?

Summarize this incident in bullets.

Which alerts are being triggered the most?

What is log4shell?

Tell me about Defender incident 20259.


Sample Prompts Library: GitHub Sample Prompts Library Link

Value Proposition


Copilot for Security Value Proposition

Microsoft Copilot for Security is a generative AI-powered assistant for daily operations in security and IT. Copilot for Security empowers teams to protect at the speed and scale of AI by turning global threat intelligence, industry best practices, and organizations’ security data into tailored insights to outsmart and outpace adversaries.

1 Scale: Catch what others miss
2 Speed: Outpace adversaries
3 Skilling: Strengthen team expertise


Copilot for Security Value Proposition
1 Scale: Catch what others miss

Threat signals and security alerts create noise that conceals attackers. Copilot for Security enables teams to reason over real-time threat signals and their enterprise data to cut through the noise, detect threats before they cause harm, and reinforce security posture.

Interoperability and Enhanced Insight
Copilot for Security is engineered for seamless interoperability within the Microsoft security ecosystem, including Microsoft Security products and threat intelligence services. This integration enables teams to delve deeper into security analytics, offering them more profound insights. By tapping into the combined strengths of Microsoft's comprehensive security tools, Copilot for Security not only enriches data analysis but also equips organizations with the intelligence needed to anticipate and mitigate cybersecurity threats more effectively.

Hyperscale Cloud-Powered Real-Time Analysis
Powered by Microsoft's advanced hyperscale cloud infrastructure, Copilot for Security offers unparalleled capabilities in conducting real-time analysis. This feature empowers teams with immediate, critical insights, fostering a proactive stance against cyber threats and facilitating a more informed decision-making process.

Enhanced Accuracy
A meticulously conducted trial demonstrates a significant leap in precision, where users engaging with Copilot for Security recorded a 44% increase in task accuracy. This data underscores the system's capability to refine decision-making and enhance operational efficiency in cybersecurity endeavors.

Improved Quality of Work
In a comprehensive survey, an overwhelming 86% of participants testified to a qualitative improvement in their work output after integrating Copilot for Security into their workflows. This feedback highlights the platform's role in elevating the standards of cybersecurity practices.


Copilot for Security Value Proposition
2 Speed: Outpace adversaries

During security incidents, every minute counts. Copilot for Security puts critical guidance and context at security teams’ fingertips so they can respond to incidents in minutes instead of hours or days.

Streamlined Query Responses
Empowering Teams with Efficiency: Copilot for Security transforms the way analysts and administrators interact with data. By enabling queries in natural language, the system intelligently generates outputs in script, KQL, or KeyQL formats. This innovation drastically cuts down the time teams spend on manual data analysis and query formulation.

Accelerated Task Completion
Enhancing Operational Speed: In controlled trials, Microsoft Copilot for Security has demonstrated a significant 26% reduction in task completion times. This acceleration across various tasks showcases the platform's ability to streamline workflows and improve productivity.

Incident Reporting Revolutionized
Dramatic Time Savings in Incident Documentation: Microsoft Defender Experts have experienced a 90% reduction in the time required to write and publish incident summaries, thanks to Copilot for Security. This efficiency revolutionizes incident management, freeing up valuable time for more critical security tasks.

Broadening Strategic Horizons with Faster Response Times
Beyond Risk Mitigation: Speed is of the essence not only in reducing risk during security incidents but also in facilitating quicker responses to stakeholders. The time saved in security and IT operations through faster execution allows professionals to allocate more focus on strategic initiatives, enhancing overall business value.

Significant Time Savings in Security Operations
Reimagining Efficiency in Security Operations: Early adopters of Copilot for Security report a remarkable up to 40% time savings on standard security tasks. For more repetitive tasks like alert triage and reporting, the efficiency gains are even more pronounced, reaching up to 60%. This leap in productivity allows analysts to devote their attention to more complex and impactful security challenges.


Copilot for Security Value Proposition
3 Skilling: Strengthen team expertise

Security teams must continuously elevate their expertise to stay ahead in an evolving threat landscape. Copilot for Security enables junior staff to perform more advanced capabilities and redirects expert staff to the hardest challenges, thus elevating the proficiency of the entire team.

Empowering Junior Analysts with Advanced Capabilities
Security's ability to translate natural language into Kusto Query Language and perform sophisticated script analysis.

Flexible Integrated Workflow Options
Offering both standalone and embedded modes, Copilot for Security provides users with the flexibility to integrate AI-powered assistance into their preferred workflows.

Delivering Expert-Level Security Insights
Security experts acknowledge Copilot for Security's capability to produce analyses on par with mid-to-expert level analysts, particularly in summarizing incidents, analyzing scripts, and assisting with queries.

Guided Response Features
Leveraging the Guided Response feature of Copilot for Security has led to a 73% improvement in accuracy when querying about remediation steps, marking a significant advancement in precision.

Sustaining Investigative Momentum with Stateful Technology
Copilot for Security's stateful functionality ensures that teams can seamlessly continue their investigative work across sessions, preserving momentum and enhancing investigative efficiency.


Maximizing value with Microsoft Security solutions

Microsoft Defender XDR
Prevent and detect cross-domain cyberattacks at the speed of AI. Copilot for Security is now embedded in Microsoft Defender XDR for early access customers.

Microsoft Sentinel
Collect security data and correlate alerts from virtually any source with intelligent security analytics.

Microsoft Intune
Mitigate cyberthreats to devices, protect data, and improve compliance across clouds—now embedded with Copilot for Security for early access customers.

Defender TI
Understand cyberthreats and expose suspicious infrastructure with dynamic threat intelligence, now included in Copilot for Security at no additional cost.

Microsoft Purview
Gain unprecedented visibility across your security data – bringing signals together from Defender, Sentinel, Intune, Entra and Purview into a single pane of glass. Purview capabilities are essential here to help SOC teams determine the source of an attack and quickly identify sensitive data that could be at risk.

Microsoft Entra
Copilot for Security skills help identity admins protect against identity compromise through providing identity context and insights for security incidents and helping to resolve identity-related risks and sign-in issues.

Defender EASM
Surface insights from Defender EASM about an organization's attack surface. You can use the system features built into Security Copilot, and use prompts to get more information. This information can help you understand your security posture and mitigate vulnerabilities.


Copilot for Security working with Microsoft Security

Microsoft Defender XDR
• Summarize incidents quickly
• Act on incidents through guided responses (Triage, Containment, Investigation, Remediation)
• Get results fast when analyzing scripts and codes or reverse engineer malware
• View similar incidents and further review the actions done in those similar incidents.
• The View similar emails action, which is specific to phishing incidents
• And more…

Microsoft Sentinel
• Generate and run hunting queries
• Pivot your investigation to specific incident assigned or related to an alert
• Get details on any entity and justifications
• Assess incidents and alerts with supporting evidence and recommendations.
• Summarize the findings from the investigation and conclude with a set of recommendations.
• And more…

Microsoft Intune
• Compare different security baselines.
• Get a summary of an existing policy.
• Get policy assignment scope.
• Get the differences or comparisons between two devices.
• Quickly gather details for a device by asking about it.
• Get detailed information about a user's device enrollments and device compliance for troubleshooting or a security investigation.
• And more…

Defender TI
• Share the IOCs or TTPs or tell me more about associated with Silk Typhoon.
• Share the technologies that are susceptible to the vulnerability CVE-2021-44228; or Summarize
• Show me the latest CVEs.
• Show me threat actors associated with CVE-2021-44228.
• Show me the threat articles associated with CVE-2021-44228.
• And more…

Microsoft Copilot for Security, common to all:
• Run queries using natural language
• Prepare reports, summaries, and graphs
• Upskill teams via prompts and guidance

Microsoft Purview
• Expedite complex data security, data risk and user risk surfaced
• Gain comprehensive summary of DLP alerts and/or insider risk alerts
• Gain contextual summary of communication risks
• Gain contextual summary of evidence collected in review sets
• Compliance, and legal investigations with AI-powered summarization capabilities and natural language queries
• And more…

Microsoft Entra
• Discover high risk users, overprivileged access, and suspicious sign-ins that aid in a security incident investigation.
• Troubleshoot daily identity tasks such as why a sign-in required multi-factor authentication (MFA).
• Inquire about users, groups, sign-ins, and permissions then instantly get a risk summary and recommended guidance for each identity at risk.
• Create a Lifecycle Workflow to streamline the process of creating and issuing user credentials and access rights.
• Assisted risk investigation embedded experience in Entra – private preview
• Assisted sign-in troubleshooting embedded experience in Entra – private preview
• Assisted workflow creation embedded experience in Entra – private preview
• And more…

Defender EASM
• Get attack surface summary.
• Get attack surface insights.
• Get assets affected by CVEs by priority or CVE ID.
• Get assets by CVSS score.
• Get expired domains.
• Get expired SSL certificates.
• Get SHA1 certificates.
• And more…

Roles and Use Cases


Elevate Your IT and Amplify Each IT Role using Copilot for Security

Examples

Roles

Benefits

Use Cases

Integration and Extensibility Details
Integration


Extensibility

Data Privacy, Sovereignty and Compliance

How we protect customer data? (1 of 2)

• Copilot for Security and Azure OpenAI Service run in Microsoft production tenants
• Customer data is encrypted at rest
• Customer data is not shared with OpenAI
• EU Customer data is stored in the EU
• As of October 2023, Copilot for Security has met or surpassed the Azure Public Preview standards, which are designed to ensure proper governance, privacy, and security in compliance with applicable regulations.
• Copilot for Security meets all Azure production data compliance standards (Ref).
• All data stored in Azure is automatically encrypted at rest and uses AES-256 encryption.
• Prompt Evaluation (processing) location is selectable within the customer tenant during provisioning. Customer can halt processing at any time (like in case of failover or general failure).



Classified as Microsoft Confidential

How we protect customer data? (2 of 2)

• Microsoft uses comprehensive controls to protect your data. All Copilot for Security data is handled according to Microsoft's commitments to privacy, security, compliance, and responsible AI practices. Access to the systems that house your data is governed by Microsoft's certified processes.
• Copilot for Security runs queries as the user, so it never has elevated privileges beyond what the user has.
• By default, Customer Data is not shared with Microsoft.
• If you choose to opt in to share Customer Data, your data is:
  • Not shared with OpenAI
  • Not used for sales
  • Not shared with third parties
  • Not used to train Azure OpenAI foundational models
• As of January 2024, Copilot for Security has implemented all requirements for the ISO 27001 (entered the ISO evaluation period) and the Microsoft HIPAA BAA – related process and technical controls. Certifications will take place later this year.

Data Privacy, Sovereignty and Compliance References

Generative AI

AI Fundamentals
• The era of AI is now
• AI Skilling Journey
• Transform your business with Microsoft AI
• AI Copilots in Microsoft’s Technology Portfolio

Privacy and Compliance
• Microsoft’s Privacy Policy and Service Documentation
• Microsoft Responsible AI Standards & Reference Guide
• Microsoft Copyright Commitment Announcement

Microsoft’s approach to AI governance
• Governing AI: A Blueprint for the Future: Report | Video | Podcast
• Microsoft’s framework for building AI systems responsibly

Infrastructure

Azure Data Security:
• Azure encryption overview
• Azure data encryption at rest
• Azure data encryption in transit
• Azure Disk Encryption documentation
• Azure Storage encryption for data at rest
• Playbook for addressing common security requirements with Azure SQL Database and Azure SQL Managed Instance
• Azure data security and encryption best practices
• Azure Response to RFI/RFP for detailed assessments on Security, Privacy, and Compliance (microsoft.com)

Microsoft Data Security and Privacy:
• Microsoft data centers security
• Microsoft cloud data storage and transfer
• Microsoft Azure security, privacy, and compliance
• Data management at Microsoft
• Complying with national, regional, and industry-specific requirements governing the collection and use of data
• Microsoft data privacy

Partner Strategic Insights
Managed • Partner Strategic Insights

Services FAQs
• Managed Services FAQs
[Roadmap and Insights]
• Partner Opportunities and Solutions
• Partners Ecosystem

• Partner Resources
• Copilot for Security Taxonomy –
key terms & examples
• Branding & Pricing Guidelines
• Partner Readiness & Enablement
• Demo Guidelines and Resources
• Working with EAP Customers
• Learn more …
Explore our delegated access roadmap
For Multi-tenant Centralized IT and MSSPs

Guest Account and Azure B2B (Available at GA)
Customers can enable Guest Access to managed security services providers (MSSPs) by inviting the partner external user account.
Supports all workloads but requires authenticating into customer tenant individually.

Granular Delegated Admin Privileges (GDAP) (Available at GA)
GDAP capabilities allow partners to control access to their customers’ workloads to better address their security concerns.
Doesn’t support Microsoft Sentinel or Azure resources.

Azure Lighthouse (Available Post GA)
Cross-tenant management experiences let you work more efficiently with Azure services such as Azure Policy, Microsoft Sentinel, Azure Arc, and many more.
Only supports Azure services, most importantly Microsoft Sentinel.

Microsoft 365 Lighthouse (Available Post GA)
Cross-tenant management experiences let you work more efficiently with Microsoft 365 services.
Doesn’t support Microsoft Sentinel or Azure resources.


Pivoting difficult customer conversations with MSSPs

Customer concern: Copilot for Security can replace or reduce my reliance on my MSSP…
Response: Copilot for Security is meant to augment human expertise and not replace it. MSSPs bring a wealth of experience, a talented team of experts and developed processes for handling a multitude of scenarios. This allows MSSPs to infuse their knowledge, built over time, into managed services that cannot be replicated by AI solutions that lack human-driven perspective. Copilot... not Pilot...

Customer concern: We have an SLA contract with our MSSP… Why do I need Copilot for Security?
Response: An SLA contract is only a financially backed baseline agreement of how long something can take before an action or resolution is completed by the MSSP. When it comes to threats to an organization, you want to detect, triage, respond, and remediate as quickly as possible. Any advantage that reduces the time between phases will reduce cost and damage that would have happened.

Customer concern: Copilot for Security is a “Double Investment” that I pay for where my MSSP benefits while their managed SOC service offering cost isn’t reduced…
Response: As threat actors continue to intensify their incorporation of AI, we as Defenders must also incorporate AI into our security solutions to level the playing field. Copilot for Security not only augments human expertise from the MSSP, but also provides enriched embedded experiences where the customer can benefit from the MSSP’s curated knowledge within a shared responsibility model.


Better together: Copilot for Security and Human Expertise

[Figure: strengths of Copilot and of human expertise]
Copilot: Knowledge, Efficiency, Speed, Precision, Reliability, Objectivity, Consistency, Endurance
Human: Wisdom, Planning, Intuition, Creativity, Experience, Flexibility, Compassion, Empathy

The overlap of human expertise and AI provides the most benefit to customers


Partner Opportunities and Solutions
Partners Opportunities: Professional Services Providers
Examples: Service Integrators, Global Integrators

Training and Workshops
Educational services that equip security teams with the knowledge to maximize their use of Copilot for Security, covering advanced functionalities like query crafting, threat hunting, and leveraging AI for security analytics.

Integration Expertise
A service dedicated to integrating Copilot for Security within the customer’s broader security ecosystem, enhancing overall threat visibility and operational agility.

Tailored Deployment
Offering a bespoke integration service that customizes Copilot for Security to align with an organization’s unique security environment, including specialized threat detection rules and seamless integration with existing security infrastructure.

SOC Efficiency Enhancement
A consulting package aimed at streamlining SOC operations through the integration of Copilot for Security, focusing on improving alert management, incident investigation, and response processes.

Incident Response Automation
Implementing automated workflows that utilize Copilot for Security to accelerate incident response times, significantly reducing the need for manual intervention and enhancing the organization's resilience to cyber threats.

Regulatory Compliance Automation
Leveraging Copilot for Security to automate the generation of compliance and regulatory reports, ensuring accuracy and timeliness in meeting industry or government standards.


Partners Opportunities: Managed Services Providers
Examples: Managed Security Service Providers (MSSP), Managed IT Service Providers

Comprehensive Managed Security Services
MSSPs can significantly enhance their service portfolio by integrating Copilot for Security across client environments or within their proprietary SOC solutions. This integration promises not just advanced security insights but also operational improvements, facilitating a holistic security oversight and streamlined threat management for their clients.

Enhanced Threat Intelligence and Incident Response
Integrating Copilot for Security enables MSSPs to enhance threat intelligence and streamline incident response, drastically cutting down response times through automation. This boosts security efficiency, allowing MSSPs to offer better SLAs and equip clients with proactive cybersecurity measures, setting new operational benchmarks.

Advanced Onboarding Services
MSSPs can refine their onboarding processes by embedding Copilot for Security integrations, including custom skills, promptbooks, and plugins, into their workflows. Additionally, the use of Logic App connectors and the enhancement of automation playbooks further streamline and secure client environments from the get-go.

SOC SLA Enhancement
The operational efficiencies gained through Copilot for Security not only boost SOC and incident response performance but also offer MSSPs the potential to propose improved SLAs. This translates to more compelling value propositions for clients seeking reliable and swift incident handling.

Augmentation of Team Expertise
Copilot for Security empowers MSSP teams with advanced capabilities, elevating their proficiency in handling complex security tasks. This enables the reallocation of expert resources to tackle the most challenging security problems, thereby optimizing team performance and service quality.

Explore Professional Services Opportunities
The insights and operational benefits provided by Copilot for Security can reveal opportunities for MSSPs to offer additional professional services, such as the integration of unexploited security products or the enhancement of existing security frameworks.


Partners Opportunities: Independent Software Vendors (ISV)
Examples: SaaS solution vendors, software solution vendors

Ecosystem Expansion
ISVs have the opportunity to broaden their ecosystem by crafting plugins for Copilot for Security. This strategic move allows them to integrate their platforms seamlessly with Copilot, enabling customers to access and utilize their security solutions directly within the Copilot for Security interface. This synergy not only enhances the value of their offerings but also simplifies the user experience, making it easier for customers to manage their security landscape from a single, unified platform.

Embedded experiences
By embedding Copilot for Security's user interface within their SaaS applications or third-party administrative portals, ISVs can offer a cohesive and integrated experience. This approach allows users to leverage Copilot’s advanced security analysis and insights without leaving the ISV’s platform, fostering a more streamlined and efficient operational workflow.

Training Platform
ISVs have the opportunity to create specialized content and tools designed to educate customers on maximizing the benefits of Copilot for Security. Developing a training platform dedicated to Copilot for Security not only positions the ISV as a thought leader in the cybersecurity space but also adds value to their customer offerings by empowering users with the knowledge to effectively navigate and utilize the platform.

Innovative Solution Offerings
Beyond these specific areas, ISVs can explore other innovative solution services that leverage Copilot for Security’s capabilities. This could include custom analytics services, security posture assessment tools, or integration services that bridge Copilot for Security with other critical IT and security systems. The goal is to unlock new value streams and enhance customer satisfaction by providing solutions that address complex security challenges with advanced, AI-driven insights and functionalities.


Partners Opportunities: Cloud Solution Providers (CSP)
Examples: Direct Cloud Solution Providers, Indirect Cloud Solution Providers

Training and Workshops
Educational services that equip security teams with the knowledge to maximize their use of Copilot for Security, covering advanced functionalities like query crafting, threat hunting, and leveraging AI for security analytics.

Integration Expertise
A service dedicated to integrating Copilot for Security within the customer’s broader security ecosystem, enhancing overall threat visibility and operational agility.

Grow Your Revenue
CSP partners have access to our unmatched cloud technology portfolio, which they use to build unique offerings. Cross-sell or upsell your quality solutions to customers.

Expand your purpose-built solutions
Deepen your offerings by integrating your own value-added services alongside our comprehensive cloud and AI technology, as well as third-party solutions from the commercial marketplace.


Partners Opportunities Summary

Professional Services Providers
• Training and Workshops
• Integration Expertise
• Tailored Deployment
• SOC Efficiency Enhancement
• Incident Response Automation
• Regulatory Compliance Automation

Managed Services Providers
• Comprehensive Managed Security Services
• Enhanced Threat Intelligence and Incident Response
• Advanced Onboarding Services
• SOC SLA Enhancement
• Augmentation of Team Expertise
• Explore Professional Services Opportunities

Independent Software Vendors (ISV)
• Ecosystem Expansion
• Embedded experiences
• Training Platform
• Innovative Solution Offerings

Cloud Solution Providers (CSP)
• Training and Workshops
• Integration Expertise
• Grow Your Revenue
• Expand your purpose-built solutions


Partners Ecosystem
Partners Testimonials
“We believe that generative AI will be truly revolutionary and will allow us to become more effective and efficient, by orders of magnitude, in protecting our customers. We expect to
see productivity increases from our security operations center (SOC) analysts using Copilot for Security when dealing with scenarios like incident response and threat hunting, and
believe there is potential for upskilling effects, allowing any analyst to complete more advanced tasks quicker than ever before. We are proud to be on this journey with Microsoft and
remain excited as they continue to add more compelling capabilities to Copilot for Security.”
Brian Beyer, CEO, Red Canary

“When it comes to cybersecurity, threat actors are increasingly using AI to carry out sophisticated attacks, so why aren't defenders? We are operating in an era where fighting AI with
AI is non-negotiable. By partnering with Microsoft's Copilot for Security, we can help level the playing field for defenders together. Much of the AI universe sits behind Cloudflare, and
acting as the intermediary to allow businesses to harness the power of this technology in a safe way is critical.”
Matthew Prince, CEO, Cloudflare

“BlueVoyant is synonymous with security innovation and new product design with Microsoft. Being on the Design Advisory Council for Copilot for Security with Microsoft has
been an honor. The Copilot for Security team has given us a front row seat to positively shape the security use cases customers can take advantage of with generative AI. It is
groundbreaking that Microsoft has created a platform and foundation for partners and customers to build complementary and additive capabilities to drive innovative outcomes.
Whether it's thinking about security ethics, investigations, metrics or attribution, we see Copilot for Security presenting opportunities for customization and expansion for our
managed services offers. We also see complementary ways for customers to take advantage of what Copilot for Security has to offer as well.”
Mona Ghadiri, Microsoft Security MVP & Sr. Director of Product Management, BlueVoyant

“Microsoft Copilot for Security represents a groundbreaking advancement for Security Operations teams worldwide. Through our global Microsoft MXDR service, we're seeing up
to 40% reduction in incident resolution time when modelling against current processes. Additionally, it significantly enhances the work environment for Security Operations
Center (SOC) analysts by serving as their AI Security assistant for day-to-day operations,” comments Jason Revill, Global Cybersecurity CoE (Centre of Excellence) Lead at
Avanade. “As a member of the design advisory council, and a private preview customer, our ability to provide meaningful feedback and see it integrated into the product has
been highly rewarding. This collaboration positions us well to meet our clients' needs in the upcoming Early Access Program and beyond.”
Jason Revill, Global Security Center of Excellence Lead, Avanade

“Building on our recent investment to expand and scale our AI offerings, we're excited to team with Microsoft on bringing Copilot for Security to our joint customers, augmenting
their ability to predict—prevent—and rapidly respond to security threats. This will help empower all of our customers and provide new opportunities leveraging the responsible
use of generative AI.”
Sean Joyce, Global Cybersecurity and Privacy Leader, PwC
Microsoft Copilot for Security partner ecosystem
Managed Security Service Providers

Independent Software Vendors


Partner Resources
Copilot for Security Taxonomy – key terms & examples

Capability (user-friendly version of skill)
Definition: Code that enables Copilot for Security to complete a task either in another app or natively.
Example: There’s a capability for malicious script analysis.

Pin
Definition: A verb for saving a useful response from Copilot for Security to a list curated by the user for further action, such as exporting to Excel or generating a report.
Example: A user can pin this for later reference.

Pinboard
Definition: Side panel where saved Copilot for Security responses are collected.
Example: The pinboard slides out to show a collection of pins.

Plugin (user-friendly version of skillset)
Definition: Gives Copilot for Security access to more information and capabilities. It's an integration code for a group of tasks that can be completed for Copilot for Security inside a service (either first- or third-party) via an API.
Example: Various plugins to first party products enable native embedded experiences.

Process log (formerly debugger)
Definition: The way Copilot for Security explains to users what actions were taken to generate the response so that they can better interact and troubleshoot.
Example: Under my prompt populates a process log before showing the final output.

Prompt
Definition: A user’s input to Copilot for Security, requesting a response. It can include text and/or code with links and/or attachments.
Example: I typed my prompt and received a fast response.

Prompt bar
Definition: The input surface where users enter their requests for Copilot. It is the interaction point with the system.
Example: I request information by typing in the prompt bar.

Promptbook
Definition: A group of prompts that run in sequence to complete a specific workflow.
Example: Run the promptbook and answer multiple prompts quickly.

References
Definition: The attribution that the system provides to explain what its response is based on.
Example: From the references, this response used data from Sentinel.

Response
Definition: AI-generated output in reply to the user’s prompt. It can include text with links, diagrams, and/or code.
Example: Copilot for Security’s response includes KQL to run in M365D.

Session (formerly investigation)
Definition: A project initiated by a user when they enter a prompt. Each session can have a series of multiple prompts.
Example: Let’s revisit my last session to continue this investigation.

Orchestrator (formerly planner)
Definition: Generates a plan based on the prompt and available capabilities and executes that plan to return results.
Example: The orchestrator determines the skills to use for this prompt

Skill, Skillset
Definition: Skills are what developers build, while skillsets are a package of one or more APIs for Copilot for Security to leverage.
Example: Intune skills cover SOC and IT scenarios.

Embedded experience
Definition: In-app Copilot for Security experiences tuned for the specific user jobs that the application is known for.
Example: Copilot for Security is embedded in M365D.

Standalone experience
Definition: Copilot for Security experience which is accessed through a browser.
Example: You can review in the standalone experience.

Branding & Pricing Guidelines
Copilot for Security Brand Guidelines
Official Naming Convention
First mention: Microsoft Copilot for Security
Subsequent mentions:
1. Copilot (when the security context is clear enough) -or-
2. Copilot for Security (when the security context needs to be clearer)

Copilot for Security icon: this has been updated since the bootcamp; please follow these guidelines for icon usage.
There are 3 themes available to use for the Copilot icon:
1. Color theme
2. An outline theme version in black and white

[Icon variants shown: Color, Monoline Black, Monoline White]

Full Brand guidelines will be published to: https://aka.ms/CopilotforSecurityPartners when we move to general availability (GA)


Microsoft Copilot for Security Pricing
Pricing and Cost Management

Pricing
• Consumption-based Model
• Customers will be billed monthly for the number of SCUs provisioned per hour
• Security compute units (SCU) are the required units of resources needed for dependable, consistent performance of Microsoft Copilot for Security.
• Capacity, in the context of Copilot for Security, is an Azure resource that contains SCUs.

Cost Estimate
Monthly bill = (SCUs/hour) x (hourly SCU price)

SKU: Provisioned in US East
Price per hour: $4

Example:
• A customer is using 3 SCUs per hour for 24 hours a day 365 days a year, their:
• Monthly bill = 3x4x730 = $8,760 [1]
• Yearly bill = $105,120 [1]
[1] The bill will change if customers change provisioned SCUs.

Calculator:
• Azure Pricing Calculator

Cost Management
Managing Cost:
• Capacity is managed by increasing or decreasing provisioned SCUs within the Azure portal or the Copilot for Security portal.
• Proper and system-targeted prompting has significant cost-saving results

Monitoring Consumption:
• Copilot owners can view the usage over time within the Microsoft Copilot for Security product using an in-product usage dashboard.

Customer Bill:
• Service Family: Security, Service name: Copilot for Security, SKU name: Provisioned
• EA invoice will look like: Az Copilot for Security-Provisioned-Security Compute Unit-10/Hour-US East
• Customers can also view their bill using Azure Cost Management


Partner Readiness
Partner Readiness Resources – Copilot for Security

Learn

Overview
• What is Microsoft Security Copilot?
• Security Copilot experiences
• Navigate Security Copilot
• Create effective prompts

Get started with Security Copilot
• Get started with Security Copilot
• Understand authentication
• Prompting in Security Copilot
• Try promptbooks
• Improving Threat Hunting Efficiency using Copilot for Security
• Efficient Security Investigation Summaries
• Good Prompt Engineering

Sample use cases
• Triage incidents with enriched threat intelligence
• Investigate an incident's malicious script
• Use Copilot in advanced hunting
• Summarize an incident in Defender XDR
• Use guided responses in Defender XDR
• Create an incident report in Defender XDR
• Run script and code analysis in Defender XDR

Additional Partner Resources:
• Learning Path
• Copilot for Security Partner Landing Page
• Microsoft Tech Community Blog
• Partner Sales & Pre-Sales Enablement Hub
• Partner Academy

Extend

Leveraging MSSP
• Grant MSSP access

Plugins
• Plugins overview
• API
• GPT
• KQL
• Manage plugins
• Plugin error codes

Connectors overview
• Connectors overview
• Logic Apps Connector

Additional Information

References
• Data security and privacy
• Frequently Asked Questions
• Contact support

Responsible AI
• Overview
• Responsible AI FAQ for Security Copilot

Documentation
• Microsoft Learn: Copilot for Security Documentation

Driving Customer Adoption

Enable services for Plugin use
• Microsoft Defender XDR
• Microsoft Sentinel
• Microsoft Entra
• Microsoft Intune
• Microsoft Purview
• Microsoft Defender EASM
• Microsoft Defender Threat Intelligence

Learn more about services integrations
• Security Copilot in Microsoft Defender XDR
• Security Copilot + Intune
• Security Copilot and Defender EASM
• Security Copilot and Defender Threat Intelligence
• Copilot for Security in Microsoft Purview
• Copilot for Security in Microsoft Entra

Address Concerns
• On Behalf Authentication
• Privileged Identity Mgmt.
• MDE Device Scope Groups

Multi-tenant and Delegation Models
• Working in multi-tenant environment
• Grant MSSP access
• B2B Collaboration
• Granular Delegated Admin Privileges (GDAP)
• Azure Lighthouse [FUTURE CAPABILITY IN COPILOT]
• Microsoft 365 Lighthouse [FUTURE CAPABILITY IN COPILOT]


Copilot for Security Official Learning Path (1 of 2)

Fundamental AI Concepts (36 min)
With AI, we can build solutions that seemed like science fiction a short time ago; enabling incredible advances in health care, financial management, environmental protection, and other areas to make a better world for everyone.
• Introduction to AI
• Understand machine learning
• Understand computer vision
• Understand natural language processing
• Understand document intelligence and knowledge mining
• Understand generative AI
• Challenges and risks with AI
• Understand Responsible AI

Fundamentals of Generative AI (40 min)
In this module you'll explore the way in which large language models (LLMs) enable AI applications and services to generate original content based on natural language input. You’ll also learn how generative AI enables the creation of AI-powered copilots that can assist humans in creative tasks.
• Introduction
• What is generative AI?
• Large language models
• What is Azure OpenAI?
• What are copilots?
• Improve generative AI responses with prompt engineering
• Exercise - Explore generative AI with Bing Copilot

Fundamentals of Responsible Generative AI (50 min)
Generative AI enables amazing creative solutions but must be implemented responsibly to minimize the risk of harmful content generation.
• Introduction
• Plan a responsible generative AI solution
• Identify potential harms
• Measure potential harms
• Mitigate potential harms
• Operate a responsible generative AI solution
• Exercise - Explore content filters in Azure OpenAI


Copilot for Security Official Learning Path (2 of 2)

Describe Microsoft Copilot for Security (24 min)
Get acquainted with Microsoft Copilot for Security. You are introduced to some basic terminology, how Microsoft Copilot for Security processes prompts, the elements of an effective prompt, and how to enable the solution.
• Introduction
• Get acquainted with Microsoft Copilot for Security
• Describe Microsoft Copilot for Security terminology
• Describe how Microsoft Copilot for Security processes prompt requests
• Describe the elements of an effective prompt
• Describe how to enable Microsoft Copilot for Security

Describe the core features of Microsoft Copilot for Security (32 min)
Microsoft Copilot for Security has a rich set of features. Learn about available plugins, promptbooks, the ways you can export and share information from Copilot, and much more.
• Introduction
• Describe the features available in the standalone experience of Microsoft Copilot for Security
• Describe the Microsoft plugins available in Microsoft Copilot for Security
• Describe the non-Microsoft plugins supported by Microsoft Copilot for Security
• Describe custom promptbooks
• Describe knowledge base connections

Describe the embedded experiences of Microsoft Copilot for Security (34 min)
Microsoft Copilot for Security is accessible directly from some Microsoft security products; this is referred to as the embedded experience. Learn about the scenarios supported by the Copilot embedded experience in Microsoft’s security solutions.
• Introduction
• Describe Microsoft Copilot in Microsoft Defender XDR
• Microsoft Copilot in Microsoft Purview
• Microsoft Copilot in Microsoft Entra


Additional Resources

Partner Assets

Partner Academy
• Copilot for Security Technical Journey & Resources

GitHub Resources
• Sample Prompts Library
• Sample Promptbooks Library
• Sample Plugins
• Microsoft Copilot for Security Logic Apps
• Customer Guides
• Technical Workshops for Microsoft Copilot for Security

Official Blogs and Websites
• Microsoft Copilot for Partners resource page
• Product page
• Official Blog

Experts Blogs
• Rod Trent’s AI & Security Blog
• Sameh Younis’ AI & Copilot Blog

Microsoft Copilot for Security Resources
• Introducing Microsoft Copilot for Security
• Watch How Copilot for Security works
• Watch Copilot announcements
• Read past newsletters
• Copilot for Security one-pager
• Microsoft Copilot for Security documentation | Microsoft Learn >
• Watch how Avanade saves time with Microsoft Copilot for Security
• Watch Microsoft Mechanics Copilot for Security How it Works
• Monthly Partner Enablement Newsletter
• Monthly Partner Skilling Playbook
• Microsoft Copilot for Security Customer Pitch Deck
• Microsoft Copilot for Security: An introductory deep dive for MSSPs

Announcements and Blogs
• Oct. 19 Security AI Innovation Blog Post: https://aka.ms/SecurityCopilotEAPBlog
• Oct. 19 Security AI Announcement Video: https://aka.ms/securitycopilotvideo

Customer Resources

Demo Videos
• Copilot for Security - Business Email Compromise
• Copilot for Security - Human-operated ransomware (HumOR)
• Copilot for Security - Defender XDR embedded copilot to standalone copilot integration
• Copilot for Security - Extended user account investigation with copilot
• Copilot for Security - Cloud compromise
• Copilot for Security – Troubleshooting

Foundation Products
• Microsoft Defender XDR
• Microsoft Sentinel
• Microsoft Entra
• Microsoft Intune
• Microsoft Purview
• Microsoft Defender EASM
• Microsoft Defender Threat Intelligence

Whitepapers and Infographics
• Microsoft Copilot for Security Economic Report
• Microsoft Security for Copilot Economic Infographic
• Microsoft Copilot for Security Capabilities and Coverage Infographic
• Microsoft Security for Copilot Promptbook infographic
• How Copilot works with the Microsoft Security Stack Whitepaper
• How to use prompts in Microsoft Copilot for Security (Blog)
• Top 10 prompts with Microsoft Copilot for Security Infographic

Videos and Webinars
• Microsoft Copilot for Security Sizzle Video
• Webinar Series: Intro to Microsoft Copilot for Security

Product page
• https://www.microsoft.com/en-ca/security/business/ai-machine-learning/microsoft-copilot-security


Demo Guidelines and Resources
Demo Delivery Types

Recorded Demo
These demos consist of short videos, typically 5 to 10 minutes in length, where the functionality of Copilot for Security is showcased. The videos are carefully edited to omit any processing delays, ensuring a seamless and polished presentation.

Advantages:
• Consistency: Provides a uniform experience for all viewers.
• Quality Control: Allows for the removal of any unwanted segments, ensuring a smooth demonstration.

Considerations:
• Pace Control: The pre-recorded nature of these demos means that presenters cannot adjust the pacing in real-time based on audience engagement or questions.

Click-through Demo
This method involves a recorded sequence of screenshots compiled in a PowerPoint format (or similar), guiding the viewer through each step of the process with the help of manual progression controlled by the presenter.

Advantages:
• Flexibility: Offers the presenter control over the demonstration's pace and sequence.
• Consistency: Ensures a consistent outcome similar to recorded videos, with the added benefit of pacing adjustments.

Considerations:
• Engagement: Requires the presenter to effectively engage the audience since the demonstration relies on static images.

Live Demo
Conducting the demo in real-time, either within a partner's environment or the customer's own setup. This approach highlights the real-world application and dynamic nature of Copilot for Security.

Advantages:
• Interactivity: Allows for direct interaction and immediate response to questions or scenarios posed by the audience.
• Realism: Showcases the tool in a live environment, offering insights into its actual performance and adaptability.

Considerations:
• Unpredictability: The live nature means results can vary, and there may be unexpected delays or differences due to the generative AI's behavior.
• Use Case: Best suited for in-depth training sessions rather than initial feature demonstrations, due to the potential for variability and processing delays.



Demo Strategies

Copilot Experience
• Standalone Copilot Experiences
Focuses on Copilot’s capabilities as a standalone tool, leveraging Microsoft security products' skills for specialized tasks or analyses.
• Demos with Embedded Copilot Experiences
Demos that integrate Copilot functionalities within existing workflows or security operations, showcasing how Copilot acts as a seamless extension of the security team.

Scenario Coverage
• Individual Product Use Cases
Demonstrations focused on specific Microsoft security products, illustrating how Copilot enhances their effectiveness and user experience.
• Cross-Products Use Cases
Showcases the integrative power of Copilot across multiple Microsoft security products, emphasizing seamless operations and enhanced threat detection.

Persona Focus
• Demos Tailored for Security / SOC Personas
Custom demos designed to align with the day-to-day operations and challenges faced by Security Operations Center (SOC) teams, highlighting relevant Copilot features.
• Demos Designed for Other IT Personas
Demonstrations focused on the broader IT domain, illustrating Copilot's utility in managing security across various IT infrastructures and roles.

• Embedded to Standalone Demo Experience
Start with the embedded experience within one product, then showcase how to extend the investigation and transition to the standalone product experience.



Demos
• Product Demo in the Customer Digital Experiences (CDX) platform

• CDX Copilot for Security Demo instructions

• Copilot for Security - Business Email Compromise >

• Copilot for Security - Human-operated ransomware (HumOR) >

• Copilot for Security - Defender XDR embedded copilot to standalone Copilot integration >

• Copilot for Security - Extended user account investigation with Copilot >

• Copilot for Security - Cloud compromise >

• Copilot for Security - Troubleshooting >



Working with EAP Customers
Early Access Program (EAP) Customers
EAP was a paid front-row seat to the private preview release of Copilot for Security. It offered customers unique opportunities to understand and shape the future of the product.

The program offered EAP customers the following advantages:
• Be the first to use the latest generative AI capabilities
• Learn about and train teams on best practices in applying generative AI to key security use cases
• Participate in engineering-led sessions to provide feedback and shape the product’s vision
• Try new features and capabilities not available to the public or broader Microsoft customer population
• Receive support and guidance to ensure rapid ramp-up of security teams and quick time to value

Value:
• Unlimited seats and unlimited prompts
• Standalone Security Copilot experience
• Security Copilot embedded experience in Microsoft 365 Defender
• Unlimited seats of Defender Threat Intelligence at no additional cost

Term:
Six-month term from purchase date

Prerequisites:
1,000+ seats of Defender for Endpoint P2; minimum of 20% deployed



Early Access Program (EAP) – FAQ
Answers to partners' commonly asked questions

What is Early Access Program (EAP)?
EAP was an invitation-only paid preview program that launched to Microsoft customers on July 18, 2023. This program offered customers the opportunity to participate, inform and influence the development of the product.

What’s the duration of the Microsoft Copilot for Security EAP?
The duration of the program is six (6) months. The six-month term starts from each customer’s respective purchase date. The purchase date is defined as the day the customer clicks on "Place Order" in the Microsoft Admin center.

What will happen six months after the EAP purchase date?
The program will end six months after each customer’s respective purchase date. There will be no program extensions. A migration plan will be in place to support those customers who will be migrating from EAP to GA to ensure that all their information is carried over to the GA product. More details about this will be provided at GA (April 1, 2024).

Did customers bring their own MSSPs during the EAP phase?
Yes, MSSPs that provide SOC services for EAP customers were able to access the customer’s Copilot for Security environment and participate alongside their customer as an extension of their own security team (BYO-MSSP), under certain conditions.

Were there any participating partners during the EAP phase?
Yes, some Microsoft partners were invited to join the EAP, where they were offered the opportunity to participate and exchange knowledge with Microsoft experts.

What will happen to customers’ data and progress after the Early Access Program ends?
If the customer purchases Copilot for Security when it is generally available, they can continue to use these capabilities. If a customer decides not to purchase the GA version of the product, their data will be purged after a period of time in accordance with our data retention policy.

Are there prerequisites to purchase at GA?
There are no product prerequisites to purchase. Customers, however, do need an Azure subscription. This is different to EAP where there were more prerequisites.



Learn more

• Copilot for Security Partners Page (Get ready)
• Partners Academy Page for Copilot for Security (Get ready)
• GitHub Library for Copilot for Security (Advance)
• Microsoft Secure Keynote (Watch)
• Microsoft Security Blog (Read)
• Copilot for Security Product Page (Visit)