Microsoft Promises Better Tracking with Intune and Security Copilot
Security Copilot is currently at the invite-only early preview stage.
Microsoft Intune with a coming Microsoft Security Copilot artificial intelligence (AI) integration will help organizations better track security issues at the device and user level, according to a Thursday Microsoft announcement.
IT pros can use Security Copilot's generative AI capabilities to drill down into device security compliance and other details via plain language text prompts. The Security Copilot integration can be used to facilitate investigations, the announcement suggested:
When investigating an incident related to suspicious device activity, Security Copilot offers a comprehensive view of critical properties managed in the cloud by Intune, aiding analysts during a security investigation. Information about device enrollments, check-ins, and compliance can be retrieved quickly using natural language prompts to build a picture of the device status and inform the incident investigation.
Security Copilot will be able to tap information regarding Intune's tracking of "device health, installed applications, configuration policies, policy assignments, and adherence to set compliance policies," the announcement added.
If organizations subscribe to the Microsoft Intune Suite, they will get an enhanced Security Copilot integration that "can incorporate additional data for more context and deeper insights into a SOC scenario," the announcement indicated. Besides device management, the Intune Suite product currently consists of the following capabilities:
- Endpoint Privilege Management
- Remote Help
- Tunnel for Mobile Application Management
- Specialty device management, and
- Select capabilities of advanced analytics.
Security Copilot presently is at the invitation-only early preview release stage. Organizations should contact their sales representatives if they want to try it, Microsoft indicated.
Microsoft also indicated this week that Security Copilot will enhance the Microsoft 365 Defender product, making things easier for security operations center personnel. However, Security Copilot is at the invite-only early preview stage for those customers as well.
Microsoft announced the early-access program for Security Copilot this week in this announcement. In it, Microsoft stated that "Microsoft Defender Threat Intelligence, and access to its API, will be available to every Security Copilot customer at no additional cost." It's presently unclear what that means.
Microsoft Defender Threat Intelligence is a subscription-based service that maps Internet threats. It's one of those products where Microsoft doesn't show the pricing on its landing page.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.