My Prompts
Happy Friday everyone!
It’s been a crazy weather week here in Southwest Ohio. My family and I have spent a couple late nights in our basements watching the local news and hoping the power stays on. We’ve survived so far from the Sunday and Wednesday night rounds of storms, but it’s that time of year where we’re pounded by the weather due to warm temperatures wrestling with cold temperatures for dominance.
As an example of close calls, on Sunday a huge church steeple was toppled over due to high winds.
…
But anyway…in this newsletter edition, there’s plenty to cover, but make sure you catch the following:
Dive into the latest updates from March 2025, where Microsoft has significantly expanded Security Copilot’s capabilities, focusing on automation, intelligence, and analyst productivity.
Get introduced to the groundbreaking Microsoft Security Copilot 2.0, featuring psychic threat detection capabilities.
Explore how organizations can build an AI-driven secure operations ecosystem by integrating Security Copilot with automation tools like Power Automate, Logic Apps, and Power Apps.
Don't miss tips on writing better prompts for Security Copilot to enhance your investigations and security decisions.
And check out the new pricing model for Security Copilot, offering more consumption flexibility with the addition of overage Security Compute Units (SCU).
…
Some of you may remember my life before Microsoft, where I invented and ran a very popular IT Pro systems management community called myITforum. For those that don’t know, myITforum was the largest third-party, Microsoft-focused community for years, running from 1999 to around 2016.
I think we might all agree that the world has gone somewhat crazy, and that people have forgotten how to community. So, after a brief hiatus, myITforum is back!
I’m taking a bit of a different tack this time, though. In addition to sharing and teaching this generation how to properly do community and providing technical content for IT Pros, I’m developing a revenue sharing model for authors.
If this is something that interests you, you can subscribe at the following link to stay informed of next steps:
https://myITforum.com
…
Speaking of community…
I’ve yet to mention it here, but I have accepted a new role at Microsoft. I’m excited to get started in the new role. I’m moving to a Senior Product Manager job where I’ll still be focused on all things security and AI, but dedicated to our NDA communities, i.e., Customer Connection Program (CCP), MVPs, and partners. I’m really excited about this and will have bigger details in the coming months.
…
That’s it from me for this week. Talk soon.
-Rod
Community Prompts
Important news about Security Copilot Pricing model! - Since yesterday you will see the option to opt in to the new Overage pricing model. On June 1st it will be enforced in every tenant. This model works this way…
What's New in Microsoft Security Copilot: A Deep Dive into the Latest Updates - As the cybersecurity landscape grows increasingly complex, security teams are facing an avalanche of alerts, incidents, and operational challenges. Microsoft Security Copilot — the AI-powered assistant integrated into Microsoft’s security ecosystem — continues to evolve to meet these demands. In its latest set of updates (March 2025), Microsoft has significantly expanded Security Copilot’s capabilities, focusing on automation, intelligence, and analyst productivity.
Introducing Microsoft Security Copilot 2.0: Now with Psychic Threat Detection! - April 1st is here, and while we all appreciate a good laugh, the team at Microsoft Security Copilot has been hard at work on something truly groundbreaking—or at least, that’s what our engineers tell us! Today, we are thrilled (and slightly amused) to unveil Microsoft Security Copilot 2.0, the world’s first AI-powered cybersecurity tool with psychic threat detection capabilities. Yes, you heard that right. Forget algorithms and behavioral analytics; we’re diving straight into the realm of clairvoyance.
Building an AI-Driven Secure Ops Ecosystem with Security Copilot, Power Automate, Logic Apps, and Power Apps - As cyber threats evolve in complexity and scale, organizations must leverage AI-driven security ecosystems to enhance detection, response, and remediation. By integrating Microsoft Security Copilot with automation tools like Power Automate, Logic Apps, and Power Apps, enterprises can build a proactive and intelligent security operations (SecOps) framework. This blog explores how organizations can effectively utilize these technologies to automate threat response, optimize security operations, and improve overall cybersecurity resilience.
Writing Better Prompts for Security Copilot Just Got Easier - If you’ve been using Microsoft Security Copilot, you’ll know how powerful it is when it comes to speeding up investigations, cutting through alert noise, and helping you make faster security decisions. But here’s the thing no one talks about enough: Your results are only as good as the prompts you give it. Bad Google = Bad Prompt.
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI - By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well as IoT devices. The vulnerabilities found in the GRUB2 bootloader (commonly used as a Linux bootloader) and U-Boot and Barebox bootloaders (commonly used for embedded systems) could allow threat actors to gain and execute arbitrary code.
Automated incident triage with Security Copilot and Microsoft Sentinel/Defender XDR - With the use of Security Copilot, it is possible to enrich and triage alerts automatically using GenAI data. Microsoft recently developed new SOC automation playbooks to accelerate AI-automated triage based on Security Copilot and Microsoft Sentinel.
Overage SCUs Now Available for Security Copilot - Microsoft has just announced a new pricing option for Microsoft Security Copilot users. This update is for you.
News Prompts
Introducing more consumption flexibility with Security Copilot enhancements - To further enhance customer flexibility and scalability, we are now supplementing the existing provisioned pricing structure for Security Copilot with the addition of an overage Security Compute Unit (SCU). This update ensures that organizations can confidently scale their Security Copilot workloads dynamically beyond their provisioned capacity, while maintaining cost predictability and control.
Overage model - General Availability
Type: New capability
Experience: Standalone
Customers can set an overage amount to ensure that additional SCUs are available when initially provisioned units are depleted during unexpected workload spikes. Overage units are billed on-demand and can be set as unlimited or a maximum amount.
For more information, see Manage usage.
Splunk - Public preview
Type: New feature
Experience: Standalone
The Splunk plugin enables customers to perform searches in Splunk, retrieve alerts, and more.
For more information, see Splunk.
Microsoft Threat Intelligence recommended actions - General Availability
Type: Changed
Experience: Standalone
When investigating a vulnerability or attack utilizing an exploit, it's critical to understand the recommended actions for mitigation. This information is now available through the Microsoft Threat Intelligence plugin.
Microsoft Threat Intelligence - Malware encyclopedia integration - Public preview
Type: New capability
Experience: Standalone
When investigating an incident involving malware, it's critical to quickly get information about the malware, the relevant Defender for Endpoint version, and guidance for next steps. This capability allows customers to query this information directly in Security Copilot.
Microsoft Threat Intelligence - Reason for inclusion - General Availability
Type: New capability
Experience: Standalone
When the analyst receives a response with multiple results (such as multiple actors or attacks, multiple articles, and others), it's sometimes difficult to understand which result is the most relevant for the next level of drill-down. With this enhancement, it's easier to understand the relevance of each result.
Microsoft Threat Intelligence - Suggested prompts - General Availability
Type: New capability
Experience: Standalone
During a session in Security Copilot customers often need help selecting the next prompt for their investigation. This is a critical part of a guided experience.
Microsoft Threat Intelligence - Indicator skills - General Availability
Type: New capability
Experience: Standalone
Microsoft Threat Intelligence indicator skills allow direct access to all suspicious IOCs and the mass datasets of web scan data including DNS, WHOIS, host pairs, certificates, detonation data, and others.
Prompt of the Week
Track sensitive data movement across the organization using Microsoft Purview tools. Suggest policies to reduce exposure.
https://github.com/rod-trent/Security-Copilot/blob/main/Prompts/Plugins/Purview.md