Unlocking AI-Powered Security: Step-by-Step with Microsoft Security Copilot

Introduction

In the ever-evolving landscape of cybersecurity, staying ahead of threats is crucial. For enthusiasts of Generative AI (GenAI), Microsoft Security Copilot offers an exciting frontier to explore. Leveraging the power of AI, Security Copilot not only enhances threat detection and response but also integrates seamlessly with various security tools. This guide delves into the setup, licensing, and plugins of Security Copilot, providing a comprehensive overview for those eager to harness AI for robust cybersecurity. Whether you’re a seasoned professional or a GenAI enthusiast, Security Copilot is a game-changer worth exploring.

This blog will walk you through the licensing, setup, and use of various plugins in Microsoft Security Copilot, using a business scenario to illustrate its practical application.

Licensing on Security Compute Units (SCUs) : Overview Licensing Model

Microsoft Security Copilot operates on a provisioned capacity model, billed by the hour. You need to purchase Security Compute Units (SCUs) to run Security Copilot workloads.

Here are the key points to remember:

• Pricing: SCUs are billed at approximately $4 per hour [1].
• Provisioning: Microsoft recommends starting with 3 SCUs per hour to explore Security Copilot [1].
• Management: You can increase or decrease SCUs as needed, and billing is calculated in hourly blocks [2].

Licensing Model – Important Points

• Provisioned Capacity: Security Copilot is sold on a provisioned capacity model, meaning you purchase and pay for Security Compute Units (SCUs).
• SCUs: SCUs are the fundamental measure of capacity for Security Copilot.
• Scalability: You can provision SCUs and increase or decrease them at any time.
• Minimum and Maximum: Customers can provision a minimum of 1 SCU per hour and a maximum of 100 SCUs.
• Embedded Experiences: Accessing Security Copilot embedded experiences in other Microsoft security products is considered an embedded experience.

Steps to Set Up Microsoft Security Copilot

Setting up Microsoft Security Copilot involves several steps. Here’s a detailed guide:

1. Minimum Requirements:
   • An Azure subscription is required to purchase SCUs [3].
   • Ensure your environment meets the necessary prerequisites.
2. Roles & Permissions:
   • Copilot for Security roles
     1. Copilot owner
     2. Copilot contributor
   • Microsoft Entra roles
     1. Security Administrator
     2. Global Administrator
   • Azure IAM roles
     1. Azure Owner
     2. Azure contributor
3. Onboarding:
   • Sign in to Security Copilot.
   • Select “Get Started” and set up your security capacity by associating it with an Azure subscription and resource group [3].
   • Specify the number of SCUs and confirm the terms and conditions.
4. Setting Up the Environment:
   • Configure your default environment by selecting the prompt evaluation location and other settings [3].
   • Use the Security Copilot portal to manage capacity and monitor usage.

Using Plugins in Microsoft Security Copilot

Security Copilot comes with various preinstalled plugins and supports custom plugins to extend its capabilities. Here’s how to manage and use them:

1. Preinstalled Plugins:
   • Security Copilot integrates with several Microsoft services like Microsoft Defender, Azure Firewall, and Microsoft Sentinel [4].
   • Non-Microsoft plugins such as AbuseIPDB and CheckPhish are also available[5].
2. Managing Plugins:
   • Turn plugins on or off and apply filters to find the most relevant ones for your workflow[4].
   • Personalize plugin settings to suit your organization’s needs [4].
3. Custom Plugins:
   • Create custom plugins by building a plugin manifest file and publishing it to Security Copilot [6].
   • Set permissions for who can add and manage custom plugins within your organization [4].

Business Scenario: Enhancing Security for a Financial Institution

Let’s consider a financial institution aiming to enhance its cybersecurity posture using Microsoft Security Copilot.

1. Licensing and Provisioning:
   • The institution purchases 5 SCUs to ensure robust performance and scalability.
   • They monitor usage through the Security Copilot dashboard to optimize costs.
2. Setup:
   • The IT team sets up Security Copilot, associating it with their Azure subscription and configuring the environment to handle sensitive financial data.
   • They onboard key security personnel and provide training on using Security Copilot.
3. Using Plugins:
   • The institution enables plugins for Microsoft Defender and Azure Firewall to monitor and respond to threats in real-time.
   • They also use custom plugins to integrate with their proprietary threat intelligence platform, enhancing their ability to detect and mitigate threats specific to the financial sector.

Conclusion

Microsoft Security Copilot is a powerful tool for enhancing cybersecurity. By understanding its licensing, setup, and plugin management, organizations can leverage its capabilities to protect their digital assets effectively. Whether you’re a small business or a large enterprise, Security Copilot can help you stay ahead of cyber threats.

References

[1] Microsoft Security Copilot – Pricing | Microsoft Azure

[2] Manage usage of security compute units in Security Copilot

[3] Get started with Microsoft Security Copilot | Microsoft Learn

[4] Manage plugins in Microsoft Security Copilot

[5] Plugins overview Microsoft Security Copilot | Microsoft Learn

[6] Create your own custom plugins in Microsoft Security Copilot

[7] Microsoft Security Copilot Frequently Asked Questions

[8] What is Microsoft Security Copilot? | Microsoft Learn

[9] Setup Microsoft Security Copilot in Your Tenant

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, AWS GenAI Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner,  AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, Amazon ECS Service Delivery Partner, AWS Glue Service Delivery Partner, Amazon Redshift Service Delivery Partner, AWS Control Tower Service Delivery Partner, AWS WAF Service Delivery Partner, Amazon CloudFront, Amazon OpenSearch, AWS DMS, AWS Systems Manager, Amazon RDS, and many more.