learn-pr/wwl-sci/security-copilot-describe-core-features/includes/2b-describe-workspaces.md
Lines changed: 1 addition & 1 deletion
@@ -6,7 +6,7 @@ You can think of Copilot Workspaces fitting into this analogy. A Copilot workspa
6
6
7
7
Through the tenant-switching capability in Security Copilot, a user can select in which tenant they'll be working. In our analogy, this is a Copilot user getting access to the house. Once the tenant is selected, a Copilot user can access and work in any workspace (room in the house) to which they have access, within the context of their role permissions in that workspace.
8
8
9
-
:::image type="content" source="../media/workspace-overview.png" lightbox="../media/workspace-overview.png" alt-text="Illustration of city as an organization, tenant as a house, and workspace as a room in a house.":::
9
+
:::image type="content" source="../media/workspace-overview.png" lightbox="../media/workspace-overview.png" alt-text="Illustration of a house which is like a tenant and a room in the house is like a workspace in Security Copilot.":::
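Review bot: The replacement alt-text on the workspace-overview.png line is a run-on ("a house which is like a tenant and a room in the house is like a workspace") and is hard to follow when read aloud by a screen reader. Suggest something like "Illustration of a house representing a tenant, with a room in the house representing a workspace in Security Copilot." Also note that the image source is unchanged while the "city as an organization" element was dropped from the description; if the image still shows the city, the alt-text should still mention it.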
learn-pr/wwl-sci/security-copilot-getting-started/includes/3-describe-terminology.md
Lines changed: 21 additions & 0 deletions
@@ -8,6 +8,7 @@ The following terms are important for understanding the way Microsoft Security C
8
8
- Prompt – A specific statement or question within a session. A user enters a prompt in the prompt bar.
9
9
- Capability – A function Copilot uses to solve part of a problem. A capability may sometimes be referred to as a skill.
10
10
- Plugin – A collection of capabilities by a particular resource.
11
+
- Workspace - Copilot workspaces are separate Copilot work environments within the tenant in which your Copilot instance is operating.
11
12
- Orchestrator – Copilot’s system for composing capabilities together to answer a user’s prompt.
12
13
13
14
***Prompt bar and sessions***
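Review bot: The added "- Workspace - Copilot workspaces are…" entry uses a hyphen as the term separator, while the neighbouring Prompt, Capability, Plugin and Orchestrator entries all use an en dash ("Plugin – A collection of…"). Switch the separator to " – " so the list renders consistently. The definition also ends in the circular phrasing "the tenant in which your Copilot instance is operating"; "separate work environments within a tenant" would match the length of the other entries.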
@@ -38,6 +39,26 @@ Copilot currently supports plug-ins for Microsoft services and non-Microsoft ser
38
39
39
40
Some plugins require setup and configuration, as depicted by the Set up button or the gear icon. For Microsoft plugins, set up may be required where resource specific information needs to be specified. For non-Microsoft sources, set up may be required for account authentication.
40
41
42
+
***Workspaces***
43
+
44
+
Copilot workspaces are separate Copilot work environments within the tenant in which your Copilot instance is operating.
45
+
46
+
To help you better understand the concept of workspaces, we'll use the analogy of house with multiple rooms. Each room is configured to be optimized for its function and the people that will use that room. When someone enters the house, they may have access to some rooms but not others.
47
+
48
+
:::image type="content" source="../media/workspace-overview.png" lightbox="../media/workspace-overview.png" alt-text="Illustration of a house which is like a tenant and a room in the house is like a workspace in Security Copilot.":::
49
+
50
+
You can think of Copilot Workspaces fitting into this analogy. A Copilot workspace is analogous to a room in a house. You can also think of the house as analogous to a tenant. In the same way that a house has multiple rooms, the tenant in which Copilot is operating can have multiple workspaces.
51
+
52
+
:::image type="content" source="../media/workspace-manage-v2.png" lightbox="../media/workspace-manage-v2.png" alt-text="A screenshot of the manage workspaces page that lists the available workspaces.":::
53
+
54
+
Through the tenant-switching capability in Security Copilot, a user can select in which tenant they'll be working. In our analogy, this is a Copilot user getting access to the house. Once the tenant is selected, a Copilot user can access and work in any workspace (room in the house) to which they have access, within the context of their role permissions in that workspace.
55
+
56
+
Workspaces are powered by capacities and each workspace must have its own capacity.
57
+
58
+
Using workspaces, you can efficiently map and monitor costs based on team needs and budgets, ensuring that teams have the capacity they need and resources are allocated effectively. Having workspaces also allows you to store session data according to geo-specific regulations and adhere to local data protection laws. These are just a few of the benefits of using workspaces.
59
+
60
+
Refer to the training unit, "Describe workspaces", which is linked in the Summary and resource section of this module, for more information on Copilot workspaces.
61
+
41
62
***Orchestrator***
42
63
43
64
The orchestrator is Copilot’s system for composing capabilities together to answer a user’s prompt. This function is illustrated in more detail in the subsequent unit that describes how Copilot processes prompt requests.
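Review bot: Most of the new Workspaces section duplicates the "Describe workspaces" unit touched earlier in this commit: the tenant-switching paragraph is word for word the context line in 2b-describe-workspaces.md, and the same workspace-overview.png image is embedded again. Since the last added paragraph already points readers to that unit, consider keeping only the one-line definition, the capacity sentence and the pointer, so the two copies cannot drift apart. Smaller points in the added text: "the analogy of house with multiple rooms" is missing an article ("a house"), "Copilot Workspaces" is capitalised in one paragraph and lower-case elsewhere, and "Summary and resource section" should match the "summary and resources section" wording used in 6-describe-how-to-enable-security-copilot.md.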
learn-pr/wwl-sci/security-copilot-getting-started/includes/6-describe-how-to-enable-security-copilot.md
Lines changed: 19 additions & 11 deletions
@@ -7,7 +7,11 @@ To start using Microsoft Security Copilot, organizations need to take steps to o
7
7
8
8
### Provision capacity
9
9
10
-
Microsoft Security Copilot is sold as a consumptive offering, meaning that customers are billed monthly based on a provisioned capacity that is billed by the hour. The capacity that is provisioned is referred to as a security compute unit (SCU). An SCU is the unit of measure of computing power used to run Copilot in both the standalone and embedded experiences.
10
+
Security Copilot operates on a provisioned capacity and an overage model. Provisioned capacity is billed by the hour while the overage capacity is billed on usage.
11
+
12
+
You can flexibly provision Security Compute Units (SCUs) to accommodate regular workloads and adjust them anytime without long-term commitments. An SCU is the unit of measure of computing power used to run Copilot in both the standalone and embedded experiences.
13
+
14
+
To manage unexpected demand spikes, you can allocate an overage amount to ensure that additional SCUs are available when initially provisioned units are depleted during unexpected workload spikes. Overage units are billed on-demand and can be set as unlimited or a maximum amount. This approach enables predictable billing while providing the flexibility to handle both regular and unexpected usage. See the summary and resources section of this module for links to information on Managing security compute unit usage and Security Copilot pricing.
11
15
12
16
Before users can start using Copilot, admins need to provision and allocate capacity. To provision capacity:
13
17
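Review bot: The overage paragraph says overage units "can be set as unlimited or a maximum amount" but does not say which role can change that setting or what the default is, and an unlimited setting removes the spending cap that the same paragraph presents as "predictable billing". Suggest adding one sentence naming who can set the limit and recommending a maximum. The sentence before it is also redundant ("To manage unexpected demand spikes… during unexpected workload spikes"); one mention is enough. Finally, the removed text stated that customers are billed monthly, and the replacement no longer gives the billing period, so consider keeping that detail.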
@@ -18,11 +22,11 @@ Before users can start using Copilot, admins need to provision and allocate capa
18
22
19
23
There are two options for provisioning capacity:
20
24
21
-
- Provision capacity within Security Copilot (recommended) - When you first open Security Copilot as an admin, a wizard guides you through the steps in setting up capacity for your organization. The wizard prompts you for information including your Azure subscription, resource group, region, capacity name, and the quantity of SCUs.
25
+
- Provision capacity within Security Copilot (recommended) - When you first open Security Copilot as an admin, a wizard guides you through the steps in setting up capacity. The wizard prompts you for information including your Azure subscription, resource group, region, capacity name, and the quantity of SCUs.
22
26
- Provision capacity through Azure - The Azure portal now includes Security Copilot as a service. Selecting the service, opens the page where you input information including your Azure subscription, resource group, region, capacity name, and the quantity of SCUs.
23
27
24
28
> [!NOTE]
25
-
> Regardless of the method you choose, you will need to purchase a minimum of 1 and a maximum of 100 SCUs.
29
+
> Regardless of the method you choose, you'll need to purchase a minimum of 1 and a maximum of 100 SCUs.
26
30
27
31
# [Provision through Copilot](#tab/provision-through-copilot)
28
32
:::image type="content" source="../media/set-up-capacity-new-v2.png" lightbox="../media/set-up-capacity-new-v2.png" alt-text="Screen capture showing the page for capacity provisioning through Copilot.":::
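Review bot: The NOTE line still says you'll "need to purchase a minimum of 1 and a maximum of 100 SCUs", but the previous hunk introduces overage units that can be unlimited, so it is no longer clear whether the 100 limit covers provisioned SCUs only. Suggest "provision" instead of "purchase" and stating explicitly that the range applies to provisioned capacity. Unrelated to the change but on a context line in this hunk: "Selecting the service, opens the page" has a stray comma.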
@@ -34,27 +38,29 @@ There are two options for provisioning capacity:
34
38
35
39
Regardless of the approach you choose to provision capacity, the process takes the information and establishes a resource group for the Microsoft Security Copilot service, within your Azure subscription. The SCUs are an Azure resource within that resource group. Deployment of the Azure resource can take a few minutes.
36
40
37
-
Once admins complete the steps to onboard to Copilot, they can manage capacity by increasing or decreasing provisioned SCUs within the Azure portal or the Microsoft Security Copilot product itself. Security Copilot provides a usage monitoring dashboard for capacity owners allowing them to track usage over time and make informed decisions about capacity provisioning. As an owner, you have visibility into the number of units used in a session, the specific plugins employed during sessions, and the initiators of those sessions. The dashboard also allows you to apply filters and export usage data seamlessly. The dashboard includes up to 90 days of data.
41
+
Once admins complete the steps to onboard to Copilot, they can manage capacity by increasing or decreasing provisioned SCUs within the Azure portal or the Microsoft Security Copilot product itself.
Security Copilot provides a usage monitoring dashboard for capacity owners allowing them to track usage over time and make informed decisions about capacity provisioning. The usage monitoring dashboard provides visibility, for a selected workspace, into the number of units used, the specific plugins employed during sessions, and the initiators of those sessions. The dashboard also allows you to apply filters and export usage data seamlessly. The dashboard includes up to 90 days of data.
To set up the default environment, you need to have, at least, a Security Administrator role.
44
50
45
51
During the setup of Security Copilot, you're prompted to configure settings. These include:
46
52
47
-
- SCU capacity - Select the capacity of SCUs previously provisioned.
53
+
- SCU capacity - Select the capacity of SCUs previously provisioned. Each workspace must have its own capacity.
48
54
49
-
- Data storage - When an organization onboards to Copilot, the admin must confirm the geographic location of the tenant as the customer data collected by the services is stored there. Microsoft Security Copilot operates in the Microsoft Azure data centers in the European Union (EUDB), the United Kingdom, the United States, Australia and New Zealand, Japan, Canada, and South America.
55
+
- Data storage - When an organization onboards to Copilot, one of the available settings determines where your customer data will be stored. Configuration of the data storage location applies at a workspace level. Microsoft Security Copilot operates in the Microsoft Azure data centers in the European Union (EUDB), the United Kingdom, the United States, Australia and New Zealand, Japan, Canada, and South America.
50
56
51
57
- Decide where your prompts are evaluated - You can restrict the evaluation within your geo or allow evaluation anywhere in the world.
52
58
53
-
- Logging audit data in Microsoft Purview - As part of the initial setup and listed under Owner settings in the standalone experience, you can choose to allow Microsoft Purview to process and store admin actions, user actions, and Copilot responses. This includes data from any Microsoft and non-Microsoft Integrations. If you opt in and you already use Microsoft Purview, no further action is needed. If you opt in but aren't already using Purview, you need to follow the Microsoft Purview guides to set up a limited experience.
59
+
- Logging audit data in Microsoft Purview - As part of the initial setup and listed under Owner settings in the standalone experience, you can choose to allow Microsoft Purview to process and store admin actions, user actions, and Copilot responses. This includes data from any Microsoft and non-Microsoft Integrations. If you opt in and you already use Microsoft Purview, no further action is needed. If you opt in but aren't already using Purview, you need to follow the Microsoft Purview guides to set up a limited experience. This configuration applies to all workspaces in a tenant.
54
60
55
61
:::image type="content" source="../media/owner-settings-logging-audit-data.png" lightbox="../media/owner-settings-logging-audit-data.png" alt-text="Screen capture showing the settings for how you can configure audit logging.":::
56
62
57
-
- Your organization's data - The admin must also opt in or opt out of data sharing options. These options are part of the initial setup and also listed under Owner settings in the standalone experience. Turn the toggles on or off for any of the following options:
63
+
- Your organization's data - The admin must also opt in or opt out of data sharing options. These options are part of the initial setup and also listed under Owner settings in the standalone experience and can be configured per workspace. Turn the toggles on or off for any of the following options:
58
64
59
65
- Allow Microsoft to capture data from Security Copilot to validate product performance using human review: When turned on, customer data is shared with Microsoft for product improvement. Prompts and responses are evaluated to understand whether the right plugins were selected, if the output is what was expected, how responses, latency, and output format can be improved.
60
66
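Review bot: Scope is now stated for every setting in this list except "Decide where your prompts are evaluated", which is left as is between a bullet that "applies at a workspace level" and one that "applies to all workspaces in a tenant". Readers deciding on data residency need to know whether prompt evaluation location is per workspace or tenant-wide, so add the scope there too. The wording of the scope statements also varies ("applies at a workspace level", "can be configured per workspace", "applies to all workspaces in a tenant"); pick one form. In the "Your organization's data" bullet the addition produces a run-on ("…and also listed under Owner settings in the standalone experience and can be configured per workspace"); split it into two sentences.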
@@ -64,7 +70,7 @@ During the setup of Security Copilot, you're prompted to configure settings. The
64
70
65
71
:::image type="content" source="../media/help-improve-copilot.png" lightbox="../media/help-improve-copilot.png" alt-text="Screen capture showing the settings for how you can configure data sharing to help improve Copilot.":::
66
72
67
-
- Plugin settings - The admin manages plugins and configures whether to allow Security Copilot to access data from your Microsoft 365 services.
73
+
- Plugin settings - The admin manages plugins and configures whether to allow Security Copilot to access data from your Microsoft 365 services. These settings are configured per workspace.
68
74
- Configure who can add and manage their own custom plugins and who can add and manage custom plugins for everyone in the organization.
69
75
- Manage plugin availability and restrict access. When enabled, admins decide which new and existing plugins will be available to everyone in your organization, and which will be restricted to owners only.
70
76
- Allow Security Copilot to access data from your Microsoft 365 services. If this option is turned off, your organization won't be able to use plugins that access Microsoft 365 services. Currently, this option is required for use of the Microsoft Purview plugin. Setting and/or changing this setting requires a user with a Copilot owner role or a global Microsoft Entra administrator role.
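Review bot: The added sentence "These settings are configured per workspace" conflicts with the unchanged sub-bullets directly below it, which still describe organization-wide effects: "custom plugins for everyone in the organization", "available to everyone in your organization" and "your organization won't be able to use plugins that access Microsoft 365 services". Either reword the sub-bullets to say "everyone in the workspace", or state which of the three settings are per workspace and which remain tenant-wide. The last sub-bullet should also say whether the "Copilot owner role" it requires is the owner of that workspace.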
@@ -73,7 +79,7 @@ During the setup of Security Copilot, you're prompted to configure settings. The
73
79
74
80
### Role permissions
75
81
76
-
To ensure that the users can access the features of Copilot, they need to have the appropriate role permissions.
82
+
To ensure that the users can access the features of Copilot, they need to have the appropriate role permissions. Role permissions are configured per workspace.
77
83
78
84
Permissions can be assigned using Microsoft Entra ID roles or Security Copilot roles. As a best practice, provide the least privileged role applicable for each user.
79
85
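Review bot: The added sentence "Role permissions are configured per workspace" sits directly above a paragraph saying permissions can be assigned using "Microsoft Entra ID roles or Security Copilot roles", and it does not say which of the two role types is scoped to a workspace. For a least-privilege section this matters: a reader could assume that assigning an Entra ID role limits a user to one workspace. Suggest qualifying the sentence, for example by stating that Security Copilot roles are assigned per workspace and describing separately how Entra ID roles apply.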
@@ -106,3 +112,5 @@ For a detailed listing of the permissions granted for each of these roles, refer
106
112
Your role controls what activities you have access to, such as configuring settings, assigning permissions, or performing tasks. Copilot doesn't go beyond the access you have. Additionally, individual Microsoft plugins may have their own role requirements for accessing the service and data it represents. As an example, an analyst that has been assigned a security operator role or a Copilot workspace contributor role is able to access the Copilot portal and create sessions, but to utilize the Microsoft Sentinel plugin would need an appropriate role like Microsoft Sentinel Reader to access incidents in the workspace. To access the devices, privileges, and policies available through the Microsoft Intune plugin, that same analyst would need another service-specific role like the Intune Endpoint Security Manager role.
107
113
108
114
Generally speaking, Microsoft plugins in Copilot use the OBO (on behalf of) model – meaning that Copilot knows that a customer has licenses to specific products and is automatically signed into those products. Copilot can then access the specific products when the plugin is enabled and, where applicable, parameters are configured. Some Microsoft plugins that require setup may include configurable parameters that are used for authentication in-lieu of the OBO model.
115
+
116
+
Enabling of individual plugins and configuration of plugins is done per workspace.
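Review bot: The added closing line "Enabling of individual plugins and configuration of plugins is done per workspace" repeats what the Plugin settings bullet already states earlier in this file and is awkwardly phrased; "Plugins are enabled and configured per workspace" is enough, or drop it. More importantly, the context paragraph in this hunk now uses "workspace" in two senses within one sentence: "a Copilot workspace contributor role" and "Microsoft Sentinel Reader to access incidents in the workspace". The second refers to the Microsoft Sentinel workspace, so say so explicitly to avoid readers conflating the two permission scopes.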