Skip to content
Microsoft Security Copilot
Intermediate

Accelerate Security Operations with Security Copilot

Use AI-powered security analysis with Microsoft Security Copilot for incident response and threat hunting.

Start Learning Hands-on labs and real-world scenarios
About

About This Course

Microsoft Security Copilot brings generative AI directly into security operations. This course shows you how to use it for real SOC work — incident summarization, script analysis, threat intelligence lookups, KQL query generation, and guided investigation workflows. This is not a theoretical overview of AI in security. You will see Security Copilot in action across Sentinel, Defender XDR, and the standalone experience.

The course covers both the embedded experience (Copilot integrated into Defender and Sentinel portals) and the standalone experience (the dedicated Security Copilot interface). You will build custom promptbooks that standardize investigation workflows — ensuring consistent analysis regardless of which analyst picks up the incident. The integration sections show how Copilot pulls context from Defender XDR incidents, Sentinel logs, Intune device data, and threat intelligence feeds.

Administration matters here because Security Copilot uses capacity-based licensing. You will learn how to manage compute units, configure access controls, monitor usage, and ensure your organization gets value from the investment without runaway costs.

Outcomes

What You'll Learn

01

Use Security Copilot for incident summarization, script analysis, and threat intelligence

02

Build custom promptbooks for repeatable security investigation workflows

03

Integrate Security Copilot with Sentinel, Defender XDR, and Intune

04

Manage Security Copilot capacity, access controls, and usage monitoring

Before You Start

Prerequisites

  • Familiarity with Microsoft Sentinel or Defender XDR is recommended
  • A basic understanding of security operations workflows
Audience

Who Is This Course For

This course is for SOC analysts, security engineers, and security managers who want to use Microsoft Security Copilot effectively. If your organization has deployed or is evaluating Security Copilot, this course teaches you both the hands-on usage patterns and the administrative controls to get real value from the tool. Familiarity with Microsoft Sentinel or Defender XDR is recommended.

Curriculum

What's Inside

01

Security Copilot Fundamentals

  • Standalone and embedded experiences
  • Natural language prompting for security analysis
  • Built-in capabilities and plugins
  • Understanding Security Copilot responses and citations
02

Investigation Workflows

  • Incident summarization and impact analysis
  • Script and command line analysis
  • Threat intelligence lookups and enrichment
  • KQL query generation and refinement
03

Custom Promptbooks

  • Building promptbooks for repeatable investigations
  • Chaining prompts for multi-step analysis
  • Sharing promptbooks across the SOC team
  • Best practices for prompt engineering in security
04

Administration and Integration

  • Capacity management and compute units
  • Role-based access control for Security Copilot
  • Integration with Sentinel, Defender, and Intune
  • Usage monitoring and cost optimization