THE PROMPT for Security Copilot - Issue #27

Cyber Sidekick

May 02, 2025

My Prompts

Happy Friday, everyone!

Welcome to this week's edition of our newsletter!

In this issue, we are excited to introduce the latest advancements in our Security Copilot Agents. From the Threat Intelligence Briefing Agent, which automatically curates relevant and timely threat intelligence based on your organization's unique attributes and cyberthreat exposure, to the Intune Vulnerability Remediation Agent, which monitors and prioritizes vulnerabilities and remediation tasks to address app and policy configuration issues, and the Conditional Access Optimization Agent, which identifies necessary updates to close security gaps.

Additionally, we are thrilled to announce the phased public preview rollout of Security Copilot Agents. This rollout will gradually expand to more customers to ensure a smooth and scalable experience.

NOTE: Please note that there will be no newsletter delivery next week due to my travel. We will resume our regular schedule the following week.

Thank you for your understanding and continued support.

…

Who will I see next week?

I spent 20 years of my career speaking in Vegas 2-3 times each year. Then Covid hit and I've yet to be back. So, I’m excited to be back in Vegas next week. I hope it hasn't changed too much.

You can find me at the Microsoft booth several times during the week touting our private communities, and then later in the week talking about Security Copilot.

https://www.m365conf.com/#!/session/Modernizing%20Security%20Operations%20Using%20Security%20Copilot/7464

…

Have a great week ahead!

Talk soon.

-Rod

Community Prompts

CrowPilot: The AI Agent that Connects Security Copilot with CrowdStrike Falcon - A good security program cannot exist without good data, and for AI platforms, like Microsoft’s Security Copilot, good data is essential to maximizing effectiveness. The diverse set of security tools owned by organizations often don’t natively integrate to work together, leaving the perfect opportunity for AI to tie these different tech stacks together. The visibility gained and response capabilities allowed by endpoint detection and response (EDR) tools make them critical to security programs. To help the security community work with the tool stacks they have, and yield maximum results, SRA is proud to announce CrowPilot to help organizations using Security Copilot interact with their CrowdStrike deployment.

Additional skills for prompting with Intune data in Security Copilot - The official Security Copilot plugin for Microsoft Intune, available in the standalone portal, provides valuable insights into individual managed devices and policies. However, aside from the GetIntuneDevices skill, it currently lacks capabilities to offer a comprehensive overview of the overall state of the Intune environment.

Introducing Security Copilot Agent - Intune Vulnerability Remediation Agent (Preview) - To build further on the previous posts regarding Security Copilot, which you can find below I would like to introduce Security Copilot Agent and specifically the Intune Vulnerability Remediation Agent.

Navigating the Transition to Overage SCUs in Microsoft Security Copilot - Microsoft Security Copilot is introducing a new feature that allows owners and admins to enable overage SCUs, providing a flexible solution for managing workload capacity. Here's what you need to know about this transition and how it can benefit your organization.

Event Prompts

Introducing Partner Month: May 2025 on The Microsoft Security Insights Show - Welcome to Partner Month on The Microsoft Security Insights Show! This May, we're excited to shine a spotlight on our incredible Microsoft partners who are innovating and building their own Agents for Microsoft Security Copilot. Join us each week as we delve into the latest advancements and hear from industry leaders who are transforming the landscape of cybersecurity.

Audio/Visual Prompts

The Microsoft Security Insights Show

The Microsoft Security Insights Show Episode 259 - Rick Kotlarz

Advanced Prompt Engineering for Security Copilot. As a cybersecurity professional with over 20 years of experience, Rick specializes in cybersecurity architecture and IT risk management. He is passionate about artificial intelligence, continuous learning, exchanging ideas, and contributing to endeavors that help others achieve success…

Listen now

2 months ago · Rod Trent and Edward Walton

Rod’s Blog

After the Blog Episode 21: Security Copilot Overage SCUs

Welcome to today's episode of "After the Blog, with me, your host, Rod Trent." Today, we're diving into an exciting new feature in Microsoft Security Copilot that promises to make managing your security workloads smoother and more flexible. We're talking about…

Listen now

2 months ago · Rod Trent

News Prompts

RSA Conference 2025: Security Copilot Agents now in preview - Starting today, we’re beginning a phased public preview rollout which will gradually expand to more customers to ensure a smooth and scalable experience. The following agents are now available in preview to select customers:

Conditional Access Optimization Agent in Microsoft Entra monitors for new users or apps not covered by existing policies, identifies necessary updates to close security gaps, and recommends quick fixes for identity teams to apply with a single click.

Vulnerability Remediation Agent in Microsoft Intune monitors and prioritizes vulnerabilities and remediation tasks to address app and policy configuration issues and expedites Windows OS patches with admin approval.

Threat Intelligence Briefing Agent in Security Copilot automatically curates relevant and timely threat intelligence based on an organization’s unique attributes and cyberthreat exposure.

Prompt of the Week

Investigate anomalous activities flagged by Sentinel related to privileged account access. Correlate findings with Defender signals.

https://github.com/rod-trent/Security-Copilot/blob/main/Prompts/Plugins/Sentinel.md