Microsoft Security Copilot: Workspaces, RBAC, Plugins, Agents
Microsoft Security Copilot β the AI copilot for SOC analysts and security engineers. Workspaces, role-based access, plugin enablement, Microsoft and Security Store agents, and how Security Copilot completes the SC-500 AI security story from the SOC side.
Closing the loop on AI security
Microsoft Security Copilot is the SOC-side AI assistant β the security engineerβs pair-programming partner for investigations, KQL writing, policy authoring, incident summarisation, threat-intel research, and runbook execution.
It deserves the last SC-500 module for two reasons:
- Itβs a paid Microsoft service that SOC and security engineering teams are adopting in 2026 β the exam tests configuration and governance, not how to use it day-to-day.
- It closes the loop on the AI security story: Domain 3 covered protecting AI workloads from threats; this module covers AI as the security tool. Both halves are now part of the SC-500 security engineerβs remit.
SC-500 expects you to know how to set up workspaces, who can do what (RBAC), how plugins extend Copilotβs data sources, and what Microsoft / Security Store agents do.
Workspaces and Security Compute Units (SCUs)
A Security Copilot workspace holds:
- Provisioned capacity β measured in Security Compute Units (SCUs), the consumption unit for Security Copilot work. SCUs are purchased in hourly increments and can be increased/decreased per hour. Most workloads run on small SCU counts (e.g. 1β4 SCU) with bursts.
- Plugins enabled β what data sources Security Copilot can query.
- Role assignments β who can do what within the workspace.
- Session history β past prompt sessions for review and re-use as βprompt booksβ.
Each tenant has one Security Copilot workspace. Workspaces are provisioned in a chosen region.
Permissions and roles
Security Copilot RBAC is workspace-scoped:
| Role | What it grants |
|---|---|
| Security Copilot Owner | Workspace settings (region, SCU capacity), plugin enablement, role assignments, session settings. Typically held by a SOC platform lead or security engineering lead. |
| Security Copilot Contributor | Use Security Copilot, run prompts, create prompt books, install/configure agents where allowed. Cannot change workspace settings or role assignments. |
| Role-aware (implicit) | Security Copilot's results respect the calling user's underlying Microsoft Entra and product-level permissions β a user without Defender XDR access won't see XDR data via Copilot, even if Copilot's plugin is enabled. Copilot does NOT escalate the user's effective access. |
This role-aware behaviour is a critical SC-500 concept: Security Copilot is not a privilege-escalation surface. A SOC tier-1 analyst can ask Copilot to summarise an incident, but if they donβt have Defender XDR read on the underlying data, Copilot returns no data β same as if they queried the source directly.
Plugins
Plugins extend Security Copilotβs data and action surfaces. Microsoft-published plugins include:
- Microsoft Defender XDR β query incidents, alerts, entities, Advanced Hunting
- Microsoft Sentinel β query Sentinel workspace, analytics rules, incidents, hunting queries
- Microsoft Entra β query users, groups, roles, sign-ins, Conditional Access
- Microsoft Intune β query devices, policies, configurations
- Microsoft Purview β query DLP, eDiscovery, communication compliance, Insider Risk
- Microsoft Defender for Cloud β query recommendations, alerts, attack paths
- Microsoft Defender Threat Intelligence β query IOC reputation, threat actor data
- Public web β limited search of public web for threat-intel context
Third-party plugins are published in the Microsoft Security Store or built custom via OpenAPI. Custom plugins follow the OpenAPI spec for tools, with authentication via OAuth or API key.
Plugin enablement is per-workspace and (where applicable) per-user β admins can scope which plugins are available to which roles.
Microsoft agents and Security Store agents
Agents in Security Copilot are autonomous task-runners that handle specific recurring scenarios. Two sources:
- Microsoft-published agents β examples:
- Phishing Triage agent (Defender for Office 365) β auto-triages reported phishing emails, classifies, applies labels
- Conditional Access Optimisation agent (Entra) β recommends CA policy improvements
- Vulnerability Remediation agent (Defender for Cloud) β recommends remediation steps for specific vulnerabilities
- Threat Intelligence Briefing agent β generates regular threat intel briefings for an org
- Alert Triage agent (Defender XDR) β auto-classifies and tags alerts
- Security Store agents β partner-published agents in the Microsoft Security Store, installable per workspace. Cover specialty domains (industry-specific compliance, niche SIEM platforms, etc.).
Agents consume SCUs from the workspaceβs capacity, just like interactive prompts. Agent enablement is per-workspace; some agents have additional product-level prerequisites (e.g. Phishing Triage agent requires Defender for Office 365 P2).
The SOC use of Security Copilot in practice
In production SOC work, Security Copilot lands in a few high-leverage places:
- Incident scoping β βSummarise this Defender XDR incident, name the entities, and list the next investigative steps.β Copilot reads the incident graph and produces a structured summary an analyst can hand to a tier-2.
- KQL writing β βWrite me a KQL query that finds users who signed in from an unfamiliar location AND then sent an external email AND then accessed a labelled-sensitive SharePoint site, all within 30 minutes.β Copilot drafts the KQL; analyst reviews and runs.
- Threat intel pivots β βGiven this file hash, summarise whatβs known about it from Defender TI.β Copilot returns the TI summary inline.
- Policy authoring β βDraft a Conditional Access policy that requires phishing-resistant MFA + compliant device for the Finance group when accessing Microsoft 365 apps.β Copilot drafts the policy structure; analyst reviews and applies.
- Automation via agents β Phishing Triage agent silently auto-triages reported phish; analyst reviews exceptions.
The SC-500 exam expects you to know what Copilot does at this level β not the underlying prompt engineering or model behaviour.
Scenario: Dom enables Security Copilot for Kestrel Cyber Co-op
Kestrel SOC adopts Microsoft Security Copilot to scale its analyst capacity across 30+ client tenants:
- Workspace provisioned in Kestrelβs tenant, region AU East. Initial SCU capacity: 4 SCU during business hours, 2 SCU overnight (configurable hourly).
- Roles:
- Dom (SOC platform lead): Security Copilot Owner.
- SOC engineers: Security Copilot Contributor.
- SOC tier-1/2 analysts: Security Copilot Contributor.
- Lighthouse-delegated analyst sessions from client tenants pick up Kestrelβs workspace via the analystβs Kestrel identity.
- Plugins enabled: Microsoft Defender XDR, Microsoft Sentinel, Microsoft Entra, Microsoft Defender for Cloud, Microsoft Defender Threat Intelligence, Microsoft Purview, public web.
- Agents enabled:
- Phishing Triage agent (Defender for Office 365) β auto-triages user-reported phish across all client tenants.
- Alert Triage agent (Defender XDR) β pre-classifies incoming alerts.
- Threat Intelligence Briefing agent β generates a weekly client-by-client TI brief.
- Role-aware tested: a tier-1 analyst with Sentinel Responder + Log Analytics Reader for client Aβs tenant can use Security Copilot to query Sentinel for that tenant β but receives βno dataβ if they ask about client B (where they have no permissions). Confirmed during onboarding.
After 90 days: mean time to incident triage drops 40%; reported-phish triage is fully agent-handled; weekly TI briefs land in client emails without manual analyst time; KQL co-authoring with Copilot becomes the default new-detection workflow.
Key terms
Knowledge check
Dom at Kestrel Cyber Co-op enables the Microsoft Defender XDR plugin in the Security Copilot workspace. A tier-1 analyst who has no Defender XDR permissions in a specific client tenant asks Copilot to summarise a Defender XDR incident in that tenant. What happens?
Esme at Northwind Bank is setting up Security Copilot for the bank's SOC. She wants tier-1 analysts to use Copilot for prompts and prompt books, BUT NOT change workspace settings (SCU capacity, plugin enablement, role assignments). Which role fits?
Asha at Aurora Health Service wants to auto-triage user-reported phishing emails across the hospital's M365 tenant using Microsoft Security Copilot. Which combination fits?
SC-500 complete
Youβve covered all four domains of SC-500:
- Domain 1 β Identity, access, governance (20β25%) β Entra ID, PIM, CA, app identity, managed identities, Key Vault, governance
- Domain 2 β Storage, databases, networking (25β30%) β storage / SQL / Defender for Databases, NSGs, vWAN, VPN, Entra Private Access, Private Endpoints, Azure Firewall, Network Watcher
- Domain 3 β Secure compute (20β25%) β the four AI security modules (Purview DSPM, Copilot Studio, Entra Agent ID, Foundry + Defender for AI), VM hardening, Defender for Servers + Arc, Defender for Containers, App Platform + WAF + APIM
- Domain 4 β Manage and monitor security posture (20β25%) β Defender for Cloud CSPM + workload plans, multicloud + EASM + MDVM, Sentinel foundations + event collection + automation, Microsoft Security Copilot
The four characters β Esme at Northwind Bank, Ravi at Maple Genomics, Asha at Aurora Health Service, Dom at Kestrel Cyber Co-op β represent the four organisational postures youβll meet in exam scenarios. When you read a scenario, identify the character archetype first; the right answer usually follows.
Good luck on the exam. If anything here helped, come say hi on YouTube or grab the practice exam ($9 for 1 year) β original questions written from the public skills outline, with brand scenarios, βwhy wrongβ for every option, and three study modes.