Tel: (+61) 422 933 319

Email: [email protected]

Microsoft Copilot for Security Ninja Now operating and at your service!

Microsoft Copilot for Security Ninja Now operating and at your service

I recently completed my Microsoft Copilot for Security Ninja training, now I’m ready for those Security copilot conversations with Partners and customers….. of course this is not true! I am but a mere amateur.

I do have the ‘certificate’ but I am no expert in Microsoft Co-pilot for Security yet, I have collected some information that will help partners and customers who wish to start using Copilot for Security without blowing their budgets and ensuring you obtain maximum value from your time.

Microsoft Copilot for Security Ninja Now operating!

What is coPilot for Security?

Microsoft Copilot for Security is your front seat passenger in the security operations team, Microsoft like to use the word CoPilot to show that you are always in control, my take on this is more that just like any Gen AI, Hallucinations happen and the response you receive from CoPilot may not always be correct so as always human, you are the driver!

As always the most benefit will come from copilot for Security when you have more data being analysed, the more enterprise Microsoft licenses with Microsoft Security enabled will provide the most coverage like Microsoft 365 E5 Security or E5 Compliance and having the telemetry from these security products in Microsoft Sentinel and Microsoft Defender XDR will provide the greatest benefit. Microsoft has certainly become a much more competitor “friendly” business though and there are many plug ins already available for 3rd party vendors, but remember 3rd parties will only support these integrations if they get sufficient use as developing and maintaining connectors costs money – be aware that these capabilities come and go.

Image courtesy of Microsoft, CoPilot for Security

One of the big benefits with Copilot for Security is that it comes with Microsoft Threat Intelligence which normally has a significant additional cost, this is almost worth the $4 USD per SCU/hour cost of the product. Skip ahead if you want to find out how to keep this cost down because this is the biggest current roadblock to broader consumption, being that the assumption is $4 USD per hour becomes quite expensive by 24 hours per day / 365 days per year?

What can you do with CoPilot for Security? many many things, example, you could ask what devices are vulnerable to a particular threat that has been recently discovered, or you could ask “what do I need to do to secure all my devices from vulnerability xzy” or you might ask copilot for security to “summarise and incident” or even “resolve an incident” – mileage is going to vary but the results will be better and faster than you could achieve alone.

CoPilot for Security Resources

Enabling Copilot for Security is super easy, it is an Azure resource and can be enabled through your Azure portal, as always use the search if you can not locate it, there are several guides to assist with this like here.


The resources below are not my own, I have some great colleagues in the Industry and I wanted to share what they have provided me as these have already helped several partners I have shared with.

The following scripts are provided without any sort of guarantee, they are mostly to help reduce the spend of a Copilot for Security deployment.

Running Copilot for Security without breaking the bank –

Using Logic Apps to Automate Scheduling Microsoft Copilot for Security Capacities –

Using Bicep to Automate Copilot-for-Security resources (Security Compute Units) –

Bicep Copilot-for-Security-deploy-and-destroy –

More on Bicep – GoToGuy –

How to Test Microsoft Copilot for Security on a Budget  –

And another one from Stefano Pescosolido

And from Andrea Fisher 

Adjust Capacity for Copilot for Security

Microsoft Copilot for Security Ninja service! Summary

Hopefully this post provides some useful information in relation to managing the costs while testing the capabilities, it is likely that the pricing model will change and some point once Microsoft can accurately determine usage etc.

My advice is to test and evaluate, as it will save you time and if you are not an expert then the insights will help you determine indicators of compromise, vulnerabilities and potentially even resolve issues faster, the biggest ‘secret’ benefit is that you are also gaining access to Microsoft Threat Intelligence feeds, where data about your industry, your location and other factors will help to build a map of your threat posture as well as a lot more about what is happening from the cyber crime side matched to the data within your organisation.

If you wish to reach out to me, please contact me here.

Leave a Reply

Your email address will not be published. Required fields are marked *


Forgotten Password?