Security Copilot Agents

Welcome to the Security Copilot Agents documentation. This collection of specialized agents helps you automate security operations, optimize configurations, and gain deeper insights into your Microsoft 365 and Azure environments.

What Are These Agents?

Security Copilot Agents are intelligent automation tools that integrate with Microsoft Security Copilot to perform complex analysis, identify issues, and provide actionable recommendations. Each agent specializes in a specific area of security, compliance, or IT operations.

Think of them as expert consultants who can analyze your environment in minutes and tell you exactly what needs attention.

Available Agents

Identity & Access Management

• Assignment Insights - Analyzes and optimizes Intune policy and application assignments

• PIM Insights - Comprehensive analysis of Privileged Identity Management activations

• Privileged Admin Watchdog - Identifies and removes standing administrative privileges

• License Optimizer - Optimizes Microsoft 365 license allocation and identifies cost savings

• GSA Reporting & Assignment Agent - Detects degraded connectors, stale IP ranges, orphaned assignments, and unusual traffic behaviors.

• Insider Risk Profiler - Enriches IRM alerts with identity risk, device compliance, and data protection signals

Compliance & Governance

• Compliance Assistant - Automated DPB and GDPR compliance assessment with gap analysis

• Policy Advisor - Deep analytics into Purview policy effectiveness and data governance

• Policy Gap Remediator - Identifies and remediates data governance policy gaps

• Classification Optimizer - Analyzes and optimizes Purview Sensitive Information Types (SITs)

Operations & Security

• Device Troubleshooter - Diagnoses and resolves Intune device and configuration issues

• Forensic Agent Core - Deep-dive incident analysis with threat intelligence enrichment

• Attack Mapping Agent - MITRE ATT&CK mappings for Microsoft Sentinel analytic rules

• Cloud App Activity Profiler - Profiles SaaS domain risk with automated discovery

How to Use This Documentation

Each agent has three main documentation pages:

• Overview - What the agent does, use cases, and why you'd use it

• Requirements - Permissions needed, setup requirements, and configuration options

• Changelog - Version history and release notes

Getting Started

Ready to deploy your first agent? Head to the Get Started guide to learn how to set up Security Copilot Agents in your environment.

Need Help?

Check the Troubleshooting section for common issues and solutions.

About SCU Costs

Each agent includes an estimated SCU (Security Copilot Unit) cost in its overview. These are approximate costs per run and may vary based on your environment size and complexity. Plan your usage accordingly to manage costs effectively.