The Shift, and the Honest Problem
Attackers adopted AI first. Microsoft’s 2025 Digital Defense Report measured a 54% click-through rate on AI-generated phishing versus 12% for traditionally written lures, making AI-generated phishing roughly 4.5 times more effective. Attackers now apply AI across the full kill chain, from reconnaissance to evasion. Machine-speed attacks demand machine-speed defense.
The obvious: if you run Sentinel with tuned analytic rules and XDR correlation, detection is not your gap. Bolting generic AI onto detection adds little because the engine already correlates events across the estate. The real gap is a state question, not an event question: is the environment still configured the way the control requires, right now? Posture drift, coverage gaps, and governance state are exactly what streaming rules cannot assert. That is where AI earns its place.
Why Security Copilot Over “Any AI”
The common objection, “any AI can do this,” conflates the model with the system. For posture work, the language model is the least differentiated part. What matters is where the AI sits, what it is allowed to touch, and whether its actions leave evidence.
Security Copilot is grounded in the live estate through first-party plugins, translates natural language to real KQL against the actual schema, applies changes only through human-gated approvals, and is itself governed: Microsoft’s Agent 365-layer registers, risk-scores, and audit-logs agent identities. The comparison in practice:
| Dimension | Generic AI | Security Copilot |
|---|---|---|
| Data path | Often can’t lawfully sit in the data path | Runs inside the tenant trust boundary; customer data isn’t used to train foundation models |
| Authorization | Sees everything you paste into it | Acts under the user’s or agent’s own scoped permissions |
| Live estate | Only knows what you feed it | First-party, real-time reach into Defender, Sentinel, Entra, and Purview |
| Action | Recommends | Recommends and applies changes, gated by human approval |
| Audit evidence | Lives outside your boundary | Logged inside the customer’s own audit trail |
Any AI can draft a summary. Only an engine inside the boundary can sit in the data path, act under the customer’s permission, and leave audit evidence where compliance can use it.
Security Copilot Inside Defender and the SCU Reality Check
The biggest usability shift is that Security Copilot is now embedded directly in the Microsoft Defender portal. Open an incident and Copilot automatically generates an incident summary: an executive-level narrative of what happened, which assets and identities are involved, the attack timeline, and suggested next steps. For a Tier-1 analyst, that’s a genuine win: complex triage for multi-stage incidents moves from “read the whole graph” to “read the summary, then verify.”
But be clear-eyed about the cost side. Every summary consumes SCUs, the provisioned capacity you pay for whether you use it or not, and three behaviors deserve to be named out loud:
- Auto-generation is the default. Copilot creates a summary whenever an analyst navigates to an incident page, and in busy queues that adds up fast.
- Hiding the Copilot panel does not stop consumption. Per Microsoft’s own documentation, closing the sidecar doesn’t affect SCU usage, the summary continues to generate in the background.
- You do have real control now. Under Settings → Copilot in Defender → Preferences, you can switch incident summary generation to “Generate on demand,” or keep auto-generation but scope it to a minimum incident severity. The settings page even estimates daily incident counts by severity and the projected SCU consumption. Generated summaries are also cached for a week and redisplay at no cost if the incident hasn’t changed significantly.
The honest trade-off: auto-generate gives the fastest analyst experience with the highest and least predictable SCU burn; severity-scoped auto-generation is the middle ground; on-demand gives predictable spend, but loses the “summary is already waiting for me” moment. Baseline your incident volume first, pick the mode that fits your SOC, and watch the SCU usage dashboard weekly for the first month.
Security Posture as a Managed Service, Measured Against CIS Controls
To make posture work concrete, we anchor it to CIS Controls v8.1, eighteen controls you align to rather than certify against, with crosswalks that let CMMC, CJIS, and ISO obligations ride along. Each relevant control area—asset inventory, data protection, access control, audit logging, network architecture—is a state to maintain, not an event to catch.
Since early 2025, Security Copilot has offered autonomous, scheduled agents that run the same loop: research, assess, report, then a human gate before anything changes. Microsoft ships first-party agents that are turn-key today. For example, the Conditional Access Optimization Agent finds users and applications not covered by MFA policy and proposes gated fixes, mapping directly to CIS Control 6. Custom agents extend the same pattern to whatever your practice needs: segmentation drift review, onboarding watch, or audit-evidence briefing that compiles control-state drift into a narrative an assessor can consume. In every case, human approval is itself the control evidence.
What It Costs and Where It Runs
SCUs and E5 Inclusion SCUs are the currency for everything, embedded summaries, chat, and agents all draw from the same pool, with provisioned capacity billed hourly and overage billed on demand. Microsoft 365 E5 and E7 now include a monthly SCU allocation (400 SCUs per 1,000 licensed users), with consumption beyond it billed separately through Azure, so “you already own it” is true. SCU consumption comes from interactions with the Security Copilot UI, embedded XDR experiences, and agent runs.
Security Copilot is currently available for the Microsoft Commercial cloud as part of your M365 E5 SKU. Microsoft has not yet announced Security Copilot availability dates for GCC, GCCH or DOD as of this writing.
The Bottom Line: A Scoped Security Copilot Pilot
The case for Security Copilot is not that AI simply makes security teams faster. It is that Microsoft’s approach brings AI into the governed security workflow where it can help maintain posture, surface drift, support analysts, and produce the audit trail leaders need to trust the outcome.
- AI on defense is table stakes. Machine-speed attacks need machine-speed response.
- Security Copilot is the engine. In-boundary, permissioned, governed, and audited, the part generic AI can’t replicate.
- The offer is posture automation as a recurring managed service, measured against CIS, with an honest eye on SCU consumption as both the value multiplier and the cost lever.
The next concrete step for most customers is a scoped pilot: turn on the embedded Defender experience, decide up front whether auto-generate, severity-scoped, or on-demand summaries fit your incident volume and budget, and spec one agent against a control area you already report on.
Learn More
- AI Strategy, Adoption & Governance with Planet
- Operationalizing Microsoft Copilot
- Microsoft Managed Services
- Microsoft Expertise
- Microsoft Accelerators
Something else or not sure where to start? Email us at [email protected]

