Microsoft Previews Copilot Data Connector for Sentinel to Strengthen AI-Aware Security Monitoring
Microsoft has announced the public preview of the Microsoft Copilot data connector for Microsoft Sentinel, giving security teams visibility into Copilot-related activity within their security operations workflows. The connector enables organizations to ingest telemetry from Microsoft Copilot into Sentinel, allowing SOC teams to monitor usage, investigate suspicious behavior and correlate Copilot activity with other security signals across the environment. The goal is to help customers manage AI adoption more securely as Copilot becomes embedded in daily work. The connector allows logs to be viewed via Purview Unified Audit Log (UAL), eliminating the need to view activities through the Purview Portal. Office 365 Management API's supported as part of this connector are listed here.
As generative AI tools move into core productivity platforms, security teams are under pressure to understand how these systems are being used and whether they introduce new risk. By integrating Copilot data into Sentinel, organizations can apply existing detection rules, analytics and response processes to AI interactions. This data connector offers a single-tenant connector for the entire tenant it resides in. For security and compliance leaders, the preview highlights a broader trend toward treating AI activity as a first-class security signal. Bringing Copilot telemetry into SIEM workflows supports more proactive governance and helps align AI productivity gains with enterprise security and compliance requirements.
Posted by Redmondmag.com Editors on 02/04/2026