Merge pull request #271738 from ElazarK/wi236734-copilot-in-mdc

copilot RSA

Author: v-dirichards

articles/defender-for-cloud/TOC.yml

@@ -263,6 +263,9 @@
       - name: AI security posture management (Preview)
         displayName: AI, security, posture, management
         href: ai-security-posture.md
+    - name: Copilot for Security in Defender for Cloud
+      displayName: copilot, security, recommendations
+      href: copilot-security-in-defender-for-cloud.md
     - name: Security recommendations
       items:
         - name: Reference list of Azure recommendations
@@ -354,6 +357,23 @@
         href: remediate-server-secrets.md
       - name: Remediate cloud deployment secrets
         href: remediate-cloud-deployment-secrets.md
+    - name: Improve security posture with Copilot for Security
+      items:
+        - name: Analyze recommendations with Copilot for Security
+          displayName: copilot, security, recommendations, analyze
+          href: analyze-with-copilot.md
+        - name: Summarize recommendations with Copilot for Security
+          displayName: copilot, security, recommendations, summarize
+          href: summarize-with-copilot.md
+        - name: Remediate recommendations with Copilot for Security
+          displayName: copilot, security, recommendations, remediate
+          href: remediate-with-copilot.md
+        - name: Delegate recommendations with Copilot for Security
+          displayName: copilot, security, recommendations, delegate
+          href: delegate-with-copilot.md
+        - name: Remediate code with Copilot for Security
+          displayName: copilot, security, recommendations, code, remediate, iac, infrastructure as code
+          href: remediate-code-with-copilot.md
     - name: Manage security standards and recommendations
       items:
       - name: Choose standards for your compliance dashboard

articles/defender-for-cloud/analyze-with-copilot.md

@@ -0,0 +1,61 @@
+---
+title: Analyze recommendations with Copilot for Security
+author: Elazark
+ms.author: elkrieger
+description: Learn how to analyze recommendations with Copilot in Microsoft Defender for Cloud and improve your security posture.
+ms.topic: how-to
+ms.date: 06/10/2024
+#customer intent: As a security professional, I want to understand how to use Copilot to analyze recommendations in Defender for Cloud so that I can improve my security posture.
+---
+
+# Analyze recommendations with Copilot for Security
+
+Microsoft Defender for Cloud's integration with Microsoft Copilot for Security allows you to analyze all of the recommendations presented on the recommendations page. By narrowing the scope of the recommendations page, you can focus on specific recommendations and get a better understanding of your security posture.
+
+Once the list of recommendations is filtered, you can investigate specific recommendations and gain a better understanding of the risks and vulnerabilities that are present in your environment.
+
+## Prerequisites
+
+- [Enable Defender for Cloud on your environment](connect-azure-subscription.md).
+
+- [Have access to Azure Copilot](../copilot/overview.md).
+
+- [Have Security Compute Units assigned for Copilot for Security](/copilot/security/get-started-security-copilot).
+
+## Analyze a recommendation
+
+Copilot for Security gives you the ability to analyze your recommendations. Through the use of prompts, you can filter and refine the presented recommendations to focus on specific areas of interest.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. Search for and select **Microsoft Defender for Cloud**.
+
+1. Navigate to **Recommendations**.
+
+1. Select **Analyze with Copilot**.
+
+    :::image type="content" source="media/analyze-with-copilot/analyze-with-copilot.png" alt-text="Screenshot of the recommendations page that shows where the Analyze with Copilot button is located." lightbox="media/analyze-with-copilot/analyze-with-copilot.png":::
+
+1. Select one of the suggested prompts or enter a prompt in natural language.
+
+    Some sample prompts include:
+
+    - Show risks for publicly exposed resources
+    - Show risks for resources with sensitive data
+    - Show risks for critical resources
+    - Show risk to data
+
+1. Review the provided answer.
+
+1. (Optional) You can select a suggested prompt or enter a unique prompt to further refine the results.
+
+1. Select **Apply filter** to view the updated recommendations.
+
+    :::image type="content" source="media/analyze-with-copilot/show-results-copilot.png" alt-text="Screenshot that shows where the Apply filter button is located in the Copilot window." lightbox="media/analyze-with-copilot/show-results-copilot.png":::
+
+The recommendations page updates with the appropriate filters applied based on the prompt you provided. Copilot remains open and you can enter other prompts as needed.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Summarize recommendations with Copilot for Security](summarize-with-copilot.md)

articles/defender-for-cloud/copilot-security-in-defender-for-cloud.md

@@ -0,0 +1,59 @@
+---
+title: Copilot for Security in Defender for Cloud (Preview)
+description: Learn about the benefits of copilot in Microsoft Defender for Cloud and how it applies to analyzing your security posture.
+ms.date: 06/10/2024
+author: dcurwin
+ms.author: dacurwin
+ms.topic: concept-article
+# customer intent: As a security professional, I want to understand the benefits of Copilot in Microsoft Defender for Cloud and how it can help me analyze my security posture.
+---
+
+# Copilot for Security in Defender for Cloud (Preview)
+
+Microsoft Copilot for Security is a cloud-based AI platform that provides natural language copilot experience. It can help support security professionals to understand the context of a recommendation, the effect of implementing a recommendation, assist with remediating or delegating a recommendation, and assist with the remediation of misconfigurations in code. For more information about what it can do, go to [What is Microsoft Copilot for Security?](/copilot/security/microsoft-security-copilot)
+
+**Copilot for Security integrates with Microsoft Defender for Cloud**
+
+Microsoft Defender for Cloud's integration with Copilot for Security on the recommendations page, allows users to comprehend the security posture of connected environments and aids users in their ability to grasp the reason for the recommendation and facilitate the remediation process of those recommendations.
+
+## How Copilot works in Defender for Cloud
+
+Defender for Cloud has integrated Copilot directly in to the Defender for Cloud experience. This integration allows you to analyze, summarize, remediate, and delegate your recommendations with natural language prompts
+
+:::image type="content" source="media/copilot-security-in-defender-for-cloud/analyze-copilot.png" alt-text="Screenshot that shows where the Analyze with copilot button located on the recommendations page." lightbox="media/copilot-security-in-defender-for-cloud/analyze-copilot.png":::
+
+When you open Copilot, you can use natural language prompts to ask questions about the recommendations. Copilot provides you with a response in natural language that helps you understand the context of the recommendation, the effect of implementing the recommendation, and the steps to take to implement the recommendation.
+
+Some sample prompts include:
+
+- Show critical risks for publicly exposed resources
+- Show critical risks to sensitive data
+- Show resources with high severity vulnerabilities
+
+Copilot can also assist with each recommendation and can refine your recommendations, provide a summary of individual recommendations, remediation steps for recommendations, and allow you to delegate recommendations.
+
+:::image type="content" source="media/copilot-security-in-defender-for-cloud/summarize-copilot.png" alt-text="Screenshot of a recommendation that shows where the Summarize with Copilot button is located." lightbox="media/copilot-security-in-defender-for-cloud/summarize-copilot.png":::
+
+## Copilot's capabilities in Defender for Cloud
+
+Copilot for Security in Defender for Cloud isn't reliant on any of the available plans in Defender for Cloud and is available for all users when you:
+
+1. [Enable Defender for Cloud on your environment](connect-azure-subscription.md).
+1. [Have access to Azure Copilot](../copilot/overview.md).
+1. [Have Security Compute Units assigned for Copilot for Security](/copilot/security/get-started-security-copilot).
+
+However, in order to enjoy the full range of Copilot for Security's capabilities in Defender for Cloud, we recommend enabling the [Defender for Cloud Security Posture Management (DCSPM) plan](concept-cloud-security-posture-management.md#cspm-features) on your environments. The DCSPM plan includes many extra security features such as [Attack path analysis](how-to-manage-attack-path.md), [Risk prioritization](risk-prioritization.md) and more, all of which can be navigated and managed using Copilot for Security. Without the DCSPM plan, you're still able to use Copilot for Security in Defender for Cloud, but in a limited capacity.
+
+## Monitor your usage
+
+Copilot for Security has a usage limit. When the usage in your organization is nearing its limit, you're notified when you submit a prompt. To avoid a disruption of service, you need to contact the Azure capacity owner or contributor to increase the Security Compute Units (SCU) or limit the number of prompts.
+
+Learn more about [usage limits](/copilot/security/manage-usage). 
+
+## Related content
+
+- [Analyze recommendations with Copilot for Security](analyze-with-copilot.md)
+- [Summarize recommendations with Copilot for Security](summarize-with-copilot.md)
+- [Remediate recommendations with Copilot for Security](remediate-with-copilot.md)
+- [Delegate recommendations with Copilot for Security](delegate-with-copilot.md)
+- [Remediate code with Copilot for Security](remediate-code-with-copilot.md)

articles/defender-for-cloud/delegate-with-copilot.md

@@ -0,0 +1,58 @@
+---
+title: Delegate recommendations with Copilot for Security
+author: Elazark
+ms.author: elkrieger
+description: Learn how to delegate recommendations with Copilot in Microsoft Defender for Cloud and improve your security posture.
+ms.topic: how-to
+ms.date: 06/10/2024
+#customer intent: As a security professional, I want to understand how to use Copilot to delegate recommendations in Defender for Cloud so that I can improve my security posture.
+---
+
+# Delegate recommendations with Copilot for Security
+
+Microsoft Defender for Cloud's integration with Microsoft Copilot for Security allows you to delegate recommendations that are present on the recommendations page with natural language prompts. Recommendations can be delegated to another person or team. 
+
+Delegating recommendations can improve your security posture by having the right people address the risks and vulnerabilities presented by the recommendations that are present in your environment.
+
+## Prerequisites
+
+- [Enable Defender for Cloud on your environment](connect-azure-subscription.md).
+
+- [Have access to Azure Copilot](../copilot/overview.md).
+
+- [Have Security Compute Units assigned for Copilot for Security](/copilot/security/get-started-security-copilot).
+
+## Delegate a recommendation
+
+You can use Copilot to delegate recommendations to ensure the right person or team is handling the risks and vulnerabilities that are present in your environment.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. Search for and select **Microsoft Defender for Cloud**.
+
+1. Navigate to **Recommendations**.
+
+1. Select a recommendation.
+
+1. Select **Summarize with Copilot**.
+
+1. Review the summary.
+
+1. Select **Delegate the remediation to the resource owner**.
+
+    :::image type="content" source="media/delegate-with-copilot/delegate-recommendation.png" alt-text="Screenshot that shows where the Delegate the recommendation prompt is located." lightbox="media/delegate-with-copilot/delegate-recommendation.png":::
+
+1. Review the result.
+
+1. Select **here** to send an email to your colleague.
+
+1. Review the email and add recipients.
+
+1. Select **Send**.
+
+Once the recommendation is delegated, you can monitor the progress of the remediation on Defender for Cloud's recommendations page. Copilot remains open and you can enter other prompts as needed.
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Remediate code with Copilot for Security](remediate-code-with-copilot.md)