Microsoft has recently expanded its Security Copilot assistant to integrate seamlessly with Microsoft Intune and Microsoft Entra, introducing AI-driven features aimed at enhancing endpoint management and identity infrastructure. (microsoft.com)
This development underscores the pivotal roles of Intune and Entra in contemporary security strategies, particularly in implementing a Zero Trust model. Intune focuses on enforcing device compliance, app protection, and endpoint privilege management, while Entra manages identity access through Conditional Access policies and detailed authentication controls. (microsoft.com)
Security Copilot in Microsoft Intune
Within Intune, Security Copilot introduces a dedicated Explorer pane in the admin center, enabling administrators to request information and execute actions without switching tools. For instance, admins can query, "Show me devices not on the latest version of Windows and Office," and receive actionable results promptly. (microsoft.com)
The Explorer experience spans various Intune domains, including devices, apps, security policies, users, and compliance data. It also extends support to Windows 365 Cloud PCs, providing insights into connectivity, licensing, and performance. Future updates are expected to introduce additional capabilities for Cloud PCs, such as diagnostics and licensing optimization. (microsoft.com)
Furthermore, Security Copilot assists in crafting Kusto Query Language (KQL) queries, generating custom reports, and evaluating app risks for privilege elevation requests. Integration with the Surface Management Portal offers unified visibility across Surface devices, streamlining management processes. (microsoft.com)
Security Copilot in Microsoft Entra
In Entra, Security Copilot aids administrators in reviewing Conditional Access policies, identifying security gaps or overlaps, and elucidating identity governance decisions. The newly introduced Conditional Access Optimization Agent autonomously scans for policy issues, suggests improvements, supports custom rules via natural-language prompts, and logs all activities for auditing purposes. (microsoft.com)
Leveraging Microsoft Graph data and built-in system tools, Security Copilot generates informed responses. Sessions are saved for subsequent review, with access controlled through role-based permissions. Notably, all actions necessitate admin approval, ensuring that Security Copilot operates without executing tasks autonomously. (microsoft.com)
Impact and Availability
Since its initial release in April, Security Copilot has been integrated into Defender, Purview, and Sentinel. Microsoft reports that organizations utilizing Security Copilot have observed a 54% reduction in time to resolve device policy conflicts and a 22.8% decrease in alerts per incident within three months of adoption, allowing teams to focus on more strategic initiatives. (microsoft.com)
Security Copilot is available as an add-on license for customers using Microsoft 365 E5, Enterprise Mobility + Security E5, or Defender for Endpoint Plan 2. (microsoft.com)
This expansion signifies Microsoft's commitment to integrating AI-driven solutions into its security and management platforms, aiming to enhance efficiency and bolster security postures across organizations.
Source: Redmondmag.com Microsoft Intune and Entra Receives Security Copilot Enhancement -- Redmondmag.com
