Microsoft Copilot for Security Ninja Now operating and at your service
I recently completed my Microsoft Copilot for Security Ninja training, so now I’m ready for those Security Copilot conversations with partners and customers... Of course, this is not true! I am but a mere amateur.
I do have the ‘certificate’, but I am no expert in Microsoft Copilot for Security yet. I have collected some information that will help partners and customers who wish to start using Copilot for Security without blowing their budgets, while ensuring they obtain maximum value from their time.
What is Copilot for Security?
Microsoft Copilot for Security is your front seat passenger in the security operations team. Microsoft likes to use the word Copilot to show that you are always in control. My take on this is more that, just like any Gen AI, hallucinations happen and the response you receive from Copilot may not always be correct, so as always, human, you are the driver!
As always, the most benefit will come from Copilot for Security when more data is being analysed. Enterprise Microsoft licenses with Microsoft Security enabled, like Microsoft 365 E5 Security or E5 Compliance, will provide the most coverage, and having the telemetry from these security products in Microsoft Sentinel and Microsoft Defender XDR will provide the greatest benefit. Microsoft has certainly become a much more competitor “friendly” business, though, and there are many plugins already available for 3rd party vendors. But remember that 3rd parties will only support these integrations if they get sufficient use, as developing and maintaining connectors costs money. Be aware that these capabilities come and go.
One of the big benefits of Copilot for Security is that it comes with Microsoft Threat Intelligence, which normally has a significant additional cost; this is almost worth the $4 USD per SCU/hour cost of the product. Skip ahead if you want to find out how to keep this cost down, because this is the biggest current roadblock to broader consumption, the assumption being that $4 USD per hour becomes quite expensive at 24 hours per day, 365 days per year.
What can you do with Copilot for Security? Many, many things. For example, you could ask which devices are vulnerable to a particular threat that has been recently discovered, or you could ask “what do I need to do to secure all my devices from vulnerability xyz”, or you might ask Copilot for Security to “summarise an incident” or even “resolve an incident”. Mileage is going to vary, but the results will be better and faster than you could achieve alone.
Copilot for Security Resources
Enabling Copilot for Security is super easy: it is an Azure resource and can be enabled through your Azure portal. As always, use the search if you cannot locate it. There are several guides to assist with this, like here.
Disclaimer
The resources below are not my own. I have some great colleagues in the industry, and I wanted to share what they have provided me, as these have already helped several partners I have shared them with.
The following scripts are provided without any sort of guarantee; they are mostly to help reduce the spend of a Copilot for Security deployment.
Running Copilot for Security without breaking the bank – https://lnkd.in/g6WqSiZc
Using Logic Apps to Automate Scheduling Microsoft Copilot for Security Capacities – https://lnkd.in/gyMhggKx
Using Bicep to Automate Copilot-for-Security resources (Security Compute Units) – https://lnkd.in/g3fie-tA
Bicep Copilot-for-Security-deploy-and-destroy – https://lnkd.in/gwRcUdNh
More on Bicep – GoToGuy – https://lnkd.in/gui2Dpzg
How to Test Microsoft Copilot for Security on a Budget – https://lnkd.in/gpKxBVn5
And another one from Stefano Pescosolido
And from Andrea Fisher
Adjust Capacity for Copilot for Security
Summary
Hopefully this post provides some useful information on managing the costs while testing the capabilities. It is likely that the pricing model will change at some point, once Microsoft can accurately determine usage etc.
My advice is to test and evaluate, as it will save you time, and if you are not an expert then the insights will help you determine indicators of compromise and vulnerabilities, and potentially even resolve issues faster. The biggest ‘secret’ benefit is that you are also gaining access to Microsoft Threat Intelligence feeds, where data about your industry, your location and other factors will help to build a map of your threat posture, as well as a lot more about what is happening on the cyber crime side, matched to the data within your organisation.
If you wish to reach out to me, please contact me here.