Security Copilot with Microsoft Intune: Early Access Program

Posted by

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

As the world becomes more digital and connected, cybersecurity is becoming even more complex. Having end-to-end visibility and deep understanding of your environment is vital for defending against attacks that are increasing in creativity and frequency.

In March, Microsoft announced Microsoft Security Copilot, the first security product that uses generative AI to help defend organizations at machine speed and scale. Today, Microsoft announced the launch of the Early Access Program for Security Copilot. The deep integration of Microsoft 365 Defender with Security Copilot, Microsoft Intune, and Microsoft Sentinel allows customers to investigate and respond to incidents faster.

This blog highlights how including data from Microsoft Intune in Security Copilot will help revolutionize how customers can swiftly respond to security threats with full device context and strengthen enterprise security posture with AI-assisted insights and actions to manage devices simply and securely.

Rapid insight into your device landscape

When investigating an incident related to suspicious device activity, Security Copilot offers a comprehensive view of critical properties managed in the cloud by Intune, aiding analysts during a security investigation. Information about device enrollments, check-ins, and compliance can be retrieved quickly using natural language prompts to build a picture of the device status and inform the incident investigation.

If security or IT professionals need to investigate an incident related to specific users, Security Copilot helps pinpoint key information by simply asking a few questions to discover information such as devices users may have enrolled, configuration policies and apps deployed to their devices, and whether they meet compliance standards. This saves time when collecting device and user information in an investigation.

Improved and faster incident investigation

With Intune data seamlessly integrated into Security Copilot, customers can use natural language to quickly fetch data about devices and user properties. For instance, when seeking to ascertain the potential threat of a suspicious device, consider the advantage of instantly recognizing the similarities and differences between that device and others in the same group. This includes examining hardware, device configurations, and compliance policies assigned to both devices.

Identifying the group to which a suspicious device belongs provides a clearer understanding of the potential impact on other devices and users during an investigation, thereby streamlining the mitigation process. This saves time usually spent gathering information from multiple tools and disjointed systems and enables security teams to make informed decisions so that action can be taken with confidence.

Utilizing your data from Intune, Security Copilot provides specifics about device health, installed applications, configuration policies, policy assignments, and adherence to set compliance policies, facilitating informed decision-making regarding endpoint security.

Additionally, for customers who subscribe to the Microsoft Intune Suite—which, at this time, encompasses Endpoint Privilege Management, Remote Help, Tunnel for Mobile Application Management, specialty device management, and select capabilities of advanced analytics—Security Copilot can incorporate additional data for more context and deeper insights into a SOC scenario.

For example, “Are there ways I could have prevented this incident or prevent it in the future?” can include the recommendation to use Endpoint Privilege Management (EPM) to reduce exposure by enabling standard users and limiting local admin accounts. Or “How many users are assigned [this EPM] policy?” can provide the requested information.

This extended data utility enhances Security Copilot’s analytical depth and comprehensive oversight, ensuring a more nuanced and secure device management ecosystem.

Request early access

To start taking advantage of the integration of Intune with Security Copilot, reach out to your sales representative to get more details on early access qualifications.

Sign up here to receive updates on Security Copilot and the use of AI in security.

Learn more about Microsoft Intune and Security Copilot at Microsoft IgniteJoin the conversation @MSIntune and on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.