Security Copilot Agent - Responsible AI FAQ

What are Agents for Security Copilot? What is the Admin/End-User Experience and what is the Developer experience?

A Security Copilot AI agent is a system that perceives the customer's digital and physical environment, makes decisions, and takes actions to achieve a goal, with only the autonomy the Security Copilot customer grants it. The customer's authorized administrator installs all Security Copilot agents from within the Microsoft Defender XDR, Microsoft Entra, Intune, Purview, and Security Copilot portals. The administrator sets the agent's identity and configures role-based access control (RBAC) for the agent. The end user of an agent is a security analyst (Defender, Microsoft Entra, Threat Intel), a privacy analyst (Purview), or an IT administrator (Microsoft Entra, Intune), and they primarily experience agents through their respective portals. There isn't currently a developer experience available to customers or partners.

What can Security Copilot agents do?

  • Three agents autonomously triage and categorize alerts and incidents: Phishing Triage, Alert Triage for Data Loss Prevention, and Alert Triage for Insider Risk Management.
  • Three agents autonomously perform proactive security tasks: Vulnerability Remediation, Threat Intelligence Briefing, and Conditional Access Policy Drift.
  • For plan generation and execution, each of these agents uses either:
    • Simple orchestration provided by the Microsoft agent developer, meaning the developer wrote code to direct the agent or
    • AI orchestration provided by the platform, meaning that a mixture of Security Copilot-authored code and LLM instructions directs the agent.

What are the Security Copilot Agent experiences intended use?

  • Phishing Triage Agent: autonomously triages user-reported phishing incidents in Microsoft Defender XDR, performing enrichment on the incident and potentially resolving the incident based upon the agent's analysis of the message text and images.
  • Alert Triage for Data Loss Prevention: autonomously triages DLP alerts in Microsoft Purview, performing enrichment on the alert and potentially resolving the alert based upon the agent's analysis.
  • Alert Triage for Insider Risk Management: autonomously triages IRM alerts in Microsoft Purview, performing enrichment on the alert and potentially resolving the alert based upon the agent's analysis.
  • Vulnerability Remediation: autonomously builds a patching group to remediate published vulnerabilities with patches that apply to the customer's environment. The agent doesn't apply patches to the environment.
  • Threat Intelligence Briefing: autonomously researches and sends a weekly threat intelligence briefing to the customer.
  • Conditional Access Policy Drift: autonomously builds a proposed policy change that keeps the customer's Conditional Access policies in sync with the identity and user systems. The administrator reviews the proposed change in the product experience before it takes effect.

How was the Security Copilot Agent Experience evaluated? What metrics are used to measure performance?

  • For the private preview phase, each agent was evaluated by its product and research team with use case and design input from customers.
  • We evaluated the security of the system through a red teaming exercise.

What are the limitations of Security Copilot Agents? How can users minimize the impact of their limitations when using the system?

  • This is a public preview release, so customers should treat Security Copilot agents as a prerelease capability. Customers should review the agent's decision making, which is available within the product experience, before acting upon its outputs.
  • The agents are suitable only for the specific task they're designed to perform (see the intended use cases above). The agents aren't suitable for any other task.
  • When users submit feedback to an agent to be stored in memory, the agent doesn't provide a summary of its interpretation of the feedback. This means users won't receive immediate validation of how their input was understood. To minimize ambiguity here, users should submit clear, concise, and specific feedback. This helps ensure the agent's interpretation aligns closely with the user's intent, even without an explicit summary.
  • The current UI doesn't indicate when conflicting feedback has been submitted. Users should regularly review the feedback already stored for the agent to make sure it aligns with their needs and doesn't contradict newer guidance.
  • The agent node map is designed to provide a high-level view of the steps taken during an agent process. Each node in the node map displays the title of the skill used at each step (for example, 'UserPeers' or 'SummarizeFindingAgent'), along with basic information such as completion status, duration, and a timestamp. It doesn't provide an in-depth summary of the specific actions taken at each node. Users can minimize the impact by reviewing the node titles carefully, as they're written to describe the action taken. They can then infer the purposes of each step, by considering the titles within the context of the agent's broader task.
  • The agents use memory to store authorized users' feedback and apply that information to subsequent runs. For example, a security analyst might provide the following feedback to the User Submitted Phishing Triage Agent: "Emails from hrtools.com are from my HR training vendor, so don't flag them as phishing attacks unless there's malware on the link endpoint." That feedback is stored in memory and applied to subsequent agent runs so that the customer's business context is captured effectively. Because a stored instruction like this changes how every later run classifies mail, feedback memory is an attractive target for poisoning, whether by a malicious insider or by an honest but mistaken update. To protect the memory, the customer's administrator configures who is authorized to provide feedback to the agent. Moreover, the administrator can view, edit, and delete the content of the memory from the agent configuration screens in the product, and should review it periodically.

What operational factors and settings allow for effective and responsible use of Security Copilot Agents?

  • Each agent runs under either a managed identity or as a captured user, enabling the administrator to govern the data it has access to.
  • Each agent has RBAC controls, and the two Purview agents may be further restricted as to what data they process.
  • None of these six agents takes an action that can't be undone. For example, three agents change the status of incidents or alerts, an action that can easily be reversed; the Vulnerability Remediation agent builds a patching group but doesn't apply patches.
  • The administrator governs who in the organization may provide feedback to the agent.

How do I provide feedback on Security Copilot agents?

Each agent has a feedback mechanism allowing customers to provide natural language feedback to the agent. The agent incorporates that feedback in an active learning loop.

Plugin Support

Security Copilot agents don't support plugins.