Microsoft Copilot for Security Increases the Efficacy of Security

Microsoft Copilot for Security Increases the Efficacy of Security

The News: Microsoft announces the upcoming general availability of Copilot for Security on April 1 at Microsoft Secure. Additional details are available on the Microsoft website.

Microsoft Copilot for Security Increases the Efficacy of Security

Analyst Take: Microsoft Copilot for Security is a generative AI security solution designed to support both security and IT professionals from the standpoints of efficiency and efficacy. The solution augments machine learning (ML) with large language models (LLMs) for deep learning, with user interaction occurring via a natural language interface. It benefits from Microsoft’s vast threat intelligence data, including the more than 78 trillion security signals that Microsoft processes per day.

From the standpoint of efficiency, Microsoft Copilot for Security can automate repetitive tasks such as threat hunting and incident response, as a result freeing up security professionals to focus on more strategic work. It also can augment security teams’ existing areas of expertise, even providing security and threat intelligence that is specific to the user’s particular organization. The tool focuses on a key challenge that I hear from security teams—the ability to keep pace with how threat actors are continuously adapting their approaches to become more effective and impactful, especially with the new fuel that they have in AI. Limitations pertaining to headcount and skills adaptations are real.

Notably, Microsoft executed an economic study on the tool that indicated that experienced security analysts were 22% faster and 7% more accurate with Copilot. In an interview with Six Five Media, Vasu Jakkal, Corporate Vice President of Microsoft’s security business, expressed visions of the tool going so far as to attract new talent to the security field. In a subsequent Six Five interview, Sherrod DeGrippo, the director of Microsoft’s threat intelligence strategy, painted an exciting vision of the tool helping organizations to better match their existing skill sets to needs such as shoring up their key areas of vulnerability.

As discussed in our interview conversations, users that have worked with Microsoft Copilot for Security as part of the company’s early adopter program have generally expanded their usage of the tool over time. Part of the adoption curve is opening their mind to the potential use cases, as well as the tool’s accuracy and effectiveness. Note this trend across technology sectors, as AI contributes to a reshaping of workflows and responsibilities. Promptbooks, which are a series of natural language prompts for tasks and workstreams, can help; Microsoft offers pre-built promptbooks and the ability for customers to create their own.

Microsoft Copilot for Security can be accessed through a standalone portal or embedded into Microsoft security products that customers are already using, which can make it easier for IT and security professionals to utilize the capabilities while making the Copilot capabilities more specific to particular use cases. In a powerful example, I saw a demo of the tool with Microsoft Purview, a tool for data visibility, compliance, governance, and security, and Microsoft Word. In the demo, the user was able to create a data privacy policy and have that policy applied automatically not only to existing files but also to Word documents as they are being created. Through Purview, security and compliance administrators can then obtain insights into sensitive data, alert summaries that are summarized to prioritize the most critical ones, and investigation workflows.

Another example is the integration of Copilot for Security with Microsoft Entra, an identity and access management tool that provides audit logs and diagnostic logs, which is now in preview. Copilot for Security can support risk and threat investigation, for example, recommending access policies to improve the security posture. This use case will be critical for security and IT teams, as identity-related attacks are materially on the rise.

Also coming will be a unified security operations platform with embedded Copilot for Security within the Microsoft Defender portal for security information and event management (SIEM) and extended detection and response (XDR) that will prompt analysts as they investigate and respond to threats. The Copilot AI technology will help to guide the investigation and response process, expediting these processes with the additional benefit of utilizing the most up-to-date Microsoft threat intelligence. Along a similar vein, also in preview is Copilot for Intune, Microsoft’s Unified Endpoint Management (UEM) solution, which will help administrators and analysts to detect and remediate issues more quickly.

A final – and critical – note is that Microsoft is including controls for customers when it comes to facilitating secure usage of Microsoft and third-party AI applications. For example, in the demo of Copilot for Security’s integration with Microsoft Purview, I witnessed the ability to identify high-risk AI applications, as well as to control and oversee the users that are accessing these applications.

In summary, Copilot for Security can help struggling security and IT professionals by streamlining day-to-day tasks while improving threat detection and accelerating incident response. Examples include incident summarization and analysis and guidance on proactive measures and response. At the same time, it can unlock additional value, for example in the form of skills prioritization and amplification. Microsoft’s promptbooks and insights into how teams are using the tool will help to make it accessible, as will its integration with both Microsoft and third-party tools from partners such as Netskope, Valene Security, Tanium, Cyware, and SGNL, and its consumption-based pricing model.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other Insights from The Futurum Group:

The Intersection of AI and Threat Intelligence – The Six Five On the Road

Microsoft and the Future of Security – The Six Five On The Road

Microsoft Copilot for Security – Protecting at the Scale and Speed of AI – The Six Five On the Road

Image Credit: Microsoft

Author Information

Krista Case

Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Related Insights
OpenAI ChatGPT Work Ships Files, Not Just Chat. The Enterprise Race Is On
July 10, 2026

OpenAI ChatGPT Work Ships Files, Not Just Chat. The Enterprise Race Is On

Nick Patience, VP & Practice Lead for AI Platforms at Futurum, unpacks OpenAI's ChatGPT Work and GPT-5.6 launch, the use cases OpenAI showcased, and whether either moves the needle against...
Can Anthropic's GRAM 'Off Switch' Make Dual-Use AI Safer Without Killing Utility?
July 10, 2026

Can Anthropic’s GRAM ‘Off Switch’ Make Dual-Use AI Safer Without Killing Utility?

Anthropic and AE Studio introduced GRAM, enabling selective removal of sensitive AI capabilities without retraining, potentially addressing privacy and security concerns for organizations adopting generative AI....
Zoom's Platform-Agnostic AI Receptionist Reshapes Telephony Competition
July 10, 2026

Zoom’s Platform-Agnostic AI Receptionist Reshapes Telephony Competition

Keith Kirkpatrick, Vice President & Research Director, Enterprise Software & Di at Futurum, Zoom's Virtual Agent Receptionist disrupts legacy phone systems and accelerates enterprise adoption of GenAI-powered customer service solutions....
Is Migrating from Synapse to Databricks the Shortcut to Unified AI-Ready Data?
July 10, 2026

Is Migrating from Synapse to Databricks the Shortcut to Unified AI-Ready Data?

Organizations are consolidating data infrastructure around unified platforms, with 73.6% planning to increase spending—signaling a shift toward AI-ready, simplified architectures that eliminate costly silos....
Ignoring People Strategy Is the Hidden Cost in AI-Driven Growth
July 10, 2026

Ignoring People Strategy Is the Hidden Cost in AI-Driven Growth

IT By Design's Jill Chapman reveals how neglecting talent strategy costs channel organizations millions, as 50.9% of partners race to hire C-suite AI consulting leadership, demanding smarter human capital alignment....
Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?
July 10, 2026

Exprivia Bets Big on Banking Security: Can Partnership Drive Real Innovation?

Exprivia announced partnership with ABI's WeSec summit as Main Partner, aligning with surging demand for cybersecurity and AI solutions across Italian banking. The move positions the company to capitalize on...

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.