Merge pull request #1604 from MicrosoftDocs/poliveria-mdti-copilot-update-10162024

poliveria · web-flow · commit 21d8b94101f5 · 2024-10-16T17:13:04.000+08:00
updated outline/organization
diff --git a/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md b/defender/threat-intelligence/security-copilot-and-defender-threat-intelligence.md
@@ -1,5 +1,5 @@
 ---
-title: Microsoft Copilot for Security and Microsoft Defender Threat Intelligence
+title: Microsoft Copilot for Security in Microsoft Defender Threat Intelligence
 description: Learn about Microsoft Defender Threat Intelligence capabilities embedded in Copilot for Security.
 keywords: security copilot, threat intelligence, defender threat intelligence, defender ti, copilot for security, embedded experience, vulnerability impact assessment, threat actor profile, plugins, Microsoft plugins
 ms.service: defender-xdr
@@ -16,28 +16,38 @@ ms.topic: conceptual
 ms.date: 12/04/2023
 ---
 
-# Microsoft Copilot for Security and Microsoft Defender Threat Intelligence
+# Microsoft Copilot for Security in Microsoft Defender Threat Intelligence
 
 >[!IMPORTANT] 
 > On June 30, 2024, The Microsoft Defender Threat Intelligence (Defender TI) standalone portal (https://ti.defender.microsoft.com) was retired and is no longer accessible. Customers can continue using Defender TI in the [Microsoft Defender portal](https://aka.ms/mdti-intel-explorer) or with [Microsoft Copilot for Security](security-copilot-and-defender-threat-intelligence.md). [Learn more](https://aka.ms/mdti-standaloneportal)
 
 Microsoft Copilot for Security is a cloud-based AI platform that provides natural language copilot experience. It can help support security professionals in different scenarios, like incident response, threat hunting, and intelligence gathering. For more information about what it can do, read [What is Microsoft Copilot for Security?](/security-copilot/microsoft-security-copilot).
 
-**Copilot for Security integrates with Microsoft Defender Threat Intelligence**
+Copilot for Security customers gain for each of their authenticated Copilot users access to Microsoft Defender Threat Intelligence (Defender TI). To ensure that you have access to Copilot, see the [Copilot for Security purchase and licensing information](/security-copilot/faq-security-copilot).
 
-Copilot for Security delivers information about threat actors, indicators of compromise (IOCs), tools, and vulnerabilities, as well as contextual threat intelligence from Microsoft Defender Threat Intelligence (Defender TI). You can use the prompts and promptbooks to investigate incidents, enrich your hunting flows with threat intelligence information, or gain more knowledge about your organization's or the global threat landscape.
+Once you have access to Copilot for Security, the key features discussed in this article become accessible in either the Copilot for Security portal or the [Microsoft Defender portal](using-copilot-threat-intelligence-defender-xdr.md).
 
-This article introduces you to Copilot and includes sample prompts that can help Defender TI users.
 
 ## Know before you begin
 
-- You can use Copilot capabilities to surface threat intelligence in either the [Copilot for Security portal](#using-copilot-for-security-standalone-portal-to-get-threat-intelligence) or the [Microsoft Defender portal](#using-microsoft-copilot-in-defender-to-get-threat-intelligence). [Learn more about Copilot for Security experiences](/security-copilot/experiences-security-copilot)
+If you're new to Copilot for Security, you should familiarize yourself with it by reading these articles:
+
+- [What is Microsoft Copilot for Security?](/security-copilot/microsoft-security-copilot)
+- [Microsoft Copilot for Security experiences](/security-copilot/experiences-security-copilot)
+- [Get started with Microsoft Copilot for Security](/security-copilot/get-started-security-copilot)
+- [Understand authentication in Microsoft Copilot for Security](/security-copilot/authentication)
+- [Prompting in Microsoft Copilot for Security](/security-copilot/prompting-security-copilot)
+
+## Copilot for Security integration in Defender TI
+
+Copilot for Security delivers information about threat actors, indicators of compromise (IOCs), tools, and vulnerabilities, as well as contextual threat intelligence from Defender TI. You can use the prompts and promptbooks to investigate incidents, enrich your hunting flows with threat intelligence information, or gain more knowledge about your organization's or the global threat landscape.
+
 - Be clear and specific with your prompts. You might get better results if you include specific threat actor names or IOCs in your prompts. It might also help if you add **threat intelligence** to your prompt, like:
   - Show me threat intelligence data for Aqua Blizzard.
   - Summarize threat intelligence data for "malicious.com."
 - Be specific when referencing an incident (for example, "incident ID 15324").
 - Experiment with different prompts and variations to see what works best for your use case. Chat AI models vary, so iterate and refine your prompts based on the results you receive.
-- Copilot for Security saves your prompt sessions. To see the previous sessions, from the Copilot [Home menu](/security-copilot/navigating-security-copilot#home-menu), go to **My sessions**.
+- Copilot saves your prompt sessions. To see the previous sessions, from the Copilot for Security [Home menu](/security-copilot/navigating-security-copilot#home-menu), go to **My sessions**.
     
     ![Screenshot that shows the Microsoft Copilot for Security Home menu with My sessions highlighted.](/defender/threat-intelligence/media/defender-ti-and-copilot/copilot-my-sessions.png)
 
@@ -46,7 +56,22 @@ This article introduces you to Copilot and includes sample prompts that can help
 
 [Learn more about creating effective prompts](/security-copilot/prompting-tips)
 
-## Using Copilot for Security standalone portal to get threat intelligence
+## Key features
+
+Copilot for Security lets security teams understand, prioritize, and take action on threat intelligence information immediately.
+
+You can ask about a threat actor, attack campaign, or any other threat intelligence that you want to know more about, and Copilot generates responses based on threat analytics reports, intel profiles and articles, and other Defender TI content. 
+
+You can also select any of the built-in prompts that are available in the Defender portal to do the following actions:
+
+-	[Summarize](using-copilot-threat-intelligence-defender-xdr.md#summarize-the-latest-threats-related-to-your-organization) the latest threats related to your organization
+-	[Prioritize](using-copilot-threat-intelligence-defender-xdr.md#prioritize-which-threats-to-focus-on) which threats to focus on based on your environment's highest exposure level to these threats
+-	[Ask](using-copilot-threat-intelligence-defender-xdr.md#ask-about-the-threat-actors-targeting-the-communications-infrastructure-industry) about the threat actors targeting the communications infrastructure industry
+
+[Learn more about using Copilot in Defender for threat intelligence](using-copilot-threat-intelligence-defender-xdr.md)
+
+
+## Enable the Copilot for Security integration in Defender TI
 
 1. Go to [Microsoft Copilot for Security](https://go.microsoft.com/fwlink/?linkid=2247989) and sign in with your credentials.
 2.	Make sure that the Defender TI plugin is turned on. In the prompt bar, select the **Sources** icon ![Screenshot of the Sources icon.](/defender/threat-intelligence/media/defender-ti-and-copilot/copilot-sources-icon.png).
@@ -81,7 +106,7 @@ Copilot also has the following promptbooks that also deliver information from De
 
 To view these promptbooks, in the prompt bar, select the **Prompts** icon then select **See all promptbooks**. 
 
-### Sample prompts for Defender TI
+## Sample Defender TI prompts
 
 You can use many prompts to get information from Defender TI. This section lists some ideas and examples.
 
@@ -126,38 +151,17 @@ Get contextual information and threat intelligence on Common Vulnerabilities and
 - Show me threat actors associated with CVE-2021-44228.
 - Show me the threat articles associated with CVE-2021-44228.
 
-### Provide feedback
+## Provide feedback
 
-Your feedback on the Defender TI integration with Copilot for Security helps with development. To provide feedback, in Copilot, select **How's this response?** At the bottom of each completed prompt and choose any of the following options:
+Your feedback on the Defender TI integration in Copilot for Security helps with development. To provide feedback, in Copilot, select **How's this response?** At the bottom of each completed prompt and choose any of the following options:
 - **Looks right** - Select this button if the results are accurate, based on your assessment. 
 - **Needs improvement** - Select this button if any detail in the results is incorrect or incomplete, based on your assessment. 
 - **Inappropriate** - Select this button if the results contain questionable, ambiguous, or potentially harmful information.
 
 For each feedback button, you can provide more information in the next dialog box that appears. Whenever possible, and when the result is **Needs improvement**, write a few words explaining what can be done to improve the outcome. If you entered prompts specific to Defender TI and the results aren't related, then include that information.
 
-## Using Microsoft Copilot in Defender to get threat intelligence
-
-Copilot for Security customers gain for each of their authenticated Copilot users access to Defender TI within the Microsoft Defender portal. To ensure that you have access to Copilot, see the [Copilot for Security purchase and licensing information](/security-copilot/faq-security-copilot).
-
-Once you have access to Copilot for Security, the key features discussed in the next section become accessible in the following *Threat intelligence* sections of the Defender portal:
-- Threat analytics
-- Intel profiles
-- Intel explorer
-- Intel projects
-
-### Key features
-
-Copilot in Defender brings Copilot for Security's capability to look up threat intelligence into the portal, letting security teams understand, prioritize, and take action on threat intelligence information immediately.
-
-You can ask about a threat actor, attack campaign, or any other threat intelligence that you want to know more about, and Copilot generates responses based on threat analytics reports, intel profiles and articles, and other Defender TI content. You can also select any of the available built-in prompts that let you do the following actions:
-
--	[Summarize](using-copilot-threat-intelligence-defender-xdr.md#summarize-the-latest-threats-related-to-your-organization) the latest threats related to your organization
--	[Prioritize](using-copilot-threat-intelligence-defender-xdr.md#prioritize-which-threats-to-focus-on) which threats to focus on based on your environment's highest exposure level to these threats
--	[Ask](using-copilot-threat-intelligence-defender-xdr.md#ask-about-the-threat-actors-targeting-the-communications-infrastructure-industry) about the threat actors targeting the communications infrastructure industry
-
-[Learn more about using Copilot in Defender for threat intelligence](using-copilot-threat-intelligence-defender-xdr.md)
 
-## Data processing and privacy
+## Privacy and data security in Copilot for Security
 
 When you interact with Copilot for Security to get Defender TI data, Copilot pulls that data from Defender TI. The prompts, the data retrieved, and the output shown in the prompt results are processed and stored within the Copilot service. [Learn more about privacy and data security in Microsoft Copilot for Security](/security-copilot/privacy-data-security)
 
diff --git a/defender/threat-intelligence/using-copilot-threat-intelligence-defender-xdr.md b/defender/threat-intelligence/using-copilot-threat-intelligence-defender-xdr.md
@@ -49,7 +49,7 @@ You can experience Copilot for Security's capability to look up threat intellige
    :::image type="content" source="/defender/threat-intelligence/media/defender-ti-and-copilot/copilot-defender-side-pane.png" alt-text="Screenshot that shows the Microsoft Defender portal Threat analytics page with the open Microsoft Copilot in Defender side pane highlighted." lightbox="/defender/threat-intelligence/media/defender-ti-and-copilot/copilot-defender-side-pane.png":::
 
    You can also reopen Copilot by selecting the **Copilot icon** ![Screenshot that shows the Copilot icon in the Microsoft Defender portal.](media/defender-ti-and-copilot/copilot-defender-icon.png) at the top of the page.
-2. In the Copilot prompt bar, ask about a threat actor, attack campaign, or any other threat intelligence that you want to know more about, then select the **Send message** icon ![Screenshot that shows the Send message icon in Copilot in Defender.](media/defender-ti-and-copilot/copilot-defender-arrow.png) or press **Enter**. [See sample prompts for Defender TI](security-copilot-and-defender-threat-intelligence.md#sample-prompts-for-defender-ti).
+2. In the Copilot prompt bar, ask about a threat actor, attack campaign, or any other threat intelligence that you want to know more about, then select the **Send message** icon ![Screenshot that shows the Send message icon in Copilot in Defender.](media/defender-ti-and-copilot/copilot-defender-arrow.png) or press **Enter**. [See sample prompts for Defender TI](security-copilot-and-defender-threat-intelligence.md#sample-defender-ti-prompts).
 
 3. Copilot generates a response from your text instruction or question. While Copilot is generating, you can cancel the response by selecting **Stop generating**.
    
