Course Overview
Explore the transformative power of AI in security with Microsoft Security Copilot. This course starts by introducing you to the fundamental concepts of generative AI. The course then delves into the cutting-edge AI functionality of Microsoft Security Copilot that empowers analysts to respond to threats quickly, process signals at machine speed, and assess risk exposure more quickly than may otherwise be possible. Lastly, the course guides the learner through a series of simulation-based exercises that mimic real-world situations.
Who should attend
This course is targeted to security professionals interested in getting started with Microsoft Security Copilot, including security analysts, security admins, and SOC managers. The person taking this course is looking to familiarize themselves with the functionality of Microsoft Security Copilot in both the standalone and embedded experiences. They should have working knowledge of security operations and incident response, experience with Microsoft security products and services, and is interested in learning how Microsoft Security Copilot, an AI-powered security analysis tool, can help them process security signals and respond to threats more quickly.
Prerequisites
- Working knowledge of security operations and incident response
- Working knowledge of Microsoft security products and services
Course Content
Introduction to generative AI and agents
- Introduction
- Large language models (LLMs)
- Prompts
- AI agents
- Exercise - Explore generative AI
- Module assessment
- Summary
Describe Microsoft Security Copilot
- Introduction
- Get acquainted with Microsoft Security Copilot
- Describe Microsoft Security Copilot terminology
- Describe how Microsoft Security Copilot processes prompt requests
- Describe the elements of an effective prompt
- Describe how to enable Microsoft Security Copilot
- Module assessment
- Summary and resources
Describe the core features of Microsoft Security Copilot
- Introduction
- Describe the features available in the standalone experience of Microsoft Security Copilot
- Describe the features available in a session of the standalone experience
- Describe workspaces
- Describe Security Copilot plugins
- Describe custom promptbooks
- Describe knowledge base connections
- Module assessment
- Summary and resources
Describe the embedded experiences of Microsoft Security Copilot
- Introduction
- Describe Copilot in Microsoft Defender XDR
- Copilot in Microsoft Purview
- Copilot in Microsoft Entra
- Copilot in Microsoft Intune
- Copilot in Microsoft Defender for Cloud
- Module assessment
- Summary and resources
Describe Microsoft Security Copilot agents
- Introduction
- Describe Microsoft Security Copilot agents
- Understand agent identities and permissions
- Describe the Security Copilot agents in Microsoft Entra
- Describe the Security Copilot agents in Microsoft Defender
- Describe the Security Copilot agents in Microsoft Purview
- Describe the Security Copilot agents in Microsoft Intune
- Describe the agents in the Security Copilot standalone experience
- Build your own agents
- Module assessment
- Summary and resources
Experience Security Copilot through guided simulations
- Introduction
- Explore owner settings in Security Copilot
- Use prompts and promptbooks in Security Copilot
- Create a custom promptbook in Security Copilot
- Investigate data protection activity in Microsoft Purview
- Investigate insider risks and compliance in Microsoft Purview
- Investigate security incidents in Microsoft Defender XDR
- Explore and create an agent in Security Copilot
- Explore the Conditional Access Optimization Agent
- Module assessment
- Summary