Microsoft Security Copilot Reviews

I am not part of the admin team, but we take the feedback from our admins, who are essentially the people using Microsoft Security Copilot. From them, what I understand is that they want to use Microsoft Security Copilot to ensure there is comprehensive coverage, so Microsoft Security Copilot will help them assess Purview, Defender, Sentinel, all of them in one go. That is one of their key use cases for using Microsoft Security Copilot, to have everything under one umbrella.

We are an all Microsoft shop, which means that we are using Microsoft's security tools and features. Microsoft Security Copilot is embedded across all the security tools that we use, and that is one benefit that we have been having. We do not have to purchase multiple tools or non-Microsoft tools, and we do not have to go for a Gemini or any other AI assistant tool. That is the use case primarily.

I would say the integration of Microsoft Security Copilot with other Microsoft security solutions like Purview data security and posture management has helped ease a lot of pressure that earlier existed on admins and the CIO, whose main job was to have multiple integrations across different tools. Microsoft Security Copilot has helped with easing that pressure because everything is under a single umbrella, and they are able to devote their time towards the right set of activities. The time-saving has really helped is what I understand from them.

The feature I like the most about Microsoft Security Copilot is the dashboard.

My view on the effectiveness of Microsoft Security Copilot's natural language interface in elevating team expertise is that it is really helpful because there have been folks who have just been integrated into this team and they are relatively new. They do not know how the policies have been framed up until now, and they too have been able to get integrated much sooner. I would say the impact has been pretty high.

Microsoft Security Copilot has helped reduce our organization's mean time to resolution, MTTR. As I said, one of the major use cases that we have seen is the reduced time spent on integrating and understanding Purview's output versus Sentinel's output, because the two speak to each other through Microsoft Security Copilot. We have everything in one umbrella, and that is absolutely helping us reduce the MTTR.

One thing that we heard not from our engineers but from our procurement team was that they are not very clear on the licensing and pricing for Microsoft Security Copilot. We have been trying it out for the last two months as we are a Microsoft shop and have been given early access to it. However, there has not been a lot of clarity for our procurement team on what will happen once this trial period or this early access is over. If there could have been a bit more clarity on whether this is based on a per seat per month basis, or if it is based on APIs, or on the basis of how many calls to action you are taking, that would help. When they have tried to reach out to the sales team, the response they have gotten is that they should try it out first and pricing will be discussed later. Just a bit more clarity on pricing would be nice to have.

I have been using Microsoft Security Copilot for the last two months.

Based on the talks that I have had with the engineers and the admins, Microsoft Security Copilot has been pretty stable and reliable. They have been pretty impressed with it. They have not had any incidents so far despite having everything on Microsoft Security Copilot.

I have not experienced any downtime, crashes, or performance issues with Microsoft Security Copilot.

I think Microsoft Security Copilot scales well with the growing needs of our organization. As I said, we are not hiring in that particular team, so I think we will be able to manage a lot of security incidents much better.

Expanding the usage of Microsoft Security Copilot is really in the early days and we have not seen that yet. We are really first trying to ensure that the existing policies are in place. We have not really expanded. The trial that we are holding is for a team of about 400 to 500 folks, and we are thinking of expanding it enterprise-wide. We are a shop of 5,000 people, so it is on the cards. I think it should be rolled out as soon as we get clarity on the pricing.

My evaluation of customer service and technical support for Microsoft Security Copilot is that Microsoft's Indian technical support has always been there. We are an enterprise customer for Microsoft, so we do get that priority assistance. I do not think we have felt the need because of no incident having happened, but during the deployment times, the technical support did help in the beginning. They were really responsive.

On a scale from one to ten, I would rate customer service and technical support for Microsoft Security Copilot as a nine. They have been there not only for Microsoft Security Copilot but also for the other technical aspects as well.

Positive

Prior to adopting Microsoft Security Copilot, we were using another solution to address similar needs.

My experience with deploying Microsoft Security Copilot is that it was really easy. It was just a plug-and-play, switch-off, switch-on kind of thing.

In the deployment of Microsoft Security Copilot, everything went well, and I faced no issues whatsoever.

We have started to see a return on investment with Microsoft Security Copilot. We are not hiring any more in the IT and security team, and we feel we may be able to reduce the workforce there or have the workforce spend time elsewhere, not on security and integration incidents. We are approaching the ROI part.

That is exactly my experience with pricing, setup costs, and licensing for Microsoft Security Copilot.

We were a Microsoft shop, so we did not look at Gemini or any other platform before selecting Microsoft Security Copilot.

My impressions of the available agents, such as the access review agent in Microsoft Entra, are that the access review agent and the triage agent are the ones that we have been using the most so far.

My advice to other organizations considering Microsoft Security Copilot is that if you are on Microsoft tools and you are a Microsoft shop, you should not look elsewhere. Microsoft Security Copilot is absolutely the place to be. I would rate this product a nine out of ten.

We are deploying Microsoft Security Copilot on Microsoft Azure.

Microsoft Security Copilot capabilities are being attached to managed services. In every single one of the services including Microsoft Purview, Microsoft Sentinel, and in the XDR stack with E5 entitlements, Microsoft Security Copilot is being attached to each one of these managed offerings to add reduced time to detect, respond, and derive additional insight that most companies cannot purchase a full-time employee for. A full-time employee is usually too expensive, and Microsoft Security Copilot, especially with recent changes, allows for it to be a more beneficial route for some companies, specifically government.

The impact of the integration of Microsoft Security Copilot with other Microsoft security solutions, such as Purview, on the organization's security posture is that it has had a rebounding effect. Because everybody wants to use it, what it has done is forced the entirety of organizations leveraging Copilot in general to actually adopt Purview. In order to use it, they have realized their security and data governance is not where it needs to be. This has magnified the already understood security concerns that most legal and compliance teams already had and made them now a security problem, which if you have worked in the IT field, you know if security has a problem, they are most likely going to tackle it with some level of vigorous attempt.

Microsoft Security Copilot has helped reduce the mean time to resolution. The mean time to detect is still dependent on the solution itself, but there needs to be a new acronym for MTTU, the mean time to understand and determine what is actually happening. Resolution is an outcome of that, obviously, but there is a layer in between that even a junior analyst can now respond to an alert.

The ability to build Microsoft Security Copilot agents is outstanding. The first-party agents are amazing, and the ability to derive additional insights and create reduced queues of information and alerts, stating which ones need focus, is valuable. The additional feedback that can be given to the agent, which allows for it to refine its process, is outstanding in the current state. Now that the cost has matched the value, AI in Microsoft security cannot be avoided anymore. It is here now.

The natural language interface is extremely approachable because inputs are as good as outputs, which is a universal understanding of natural language models and LLMs with that interface. The real value is in the tools that sit underneath it. The question is what the agent can actually do once asked that question. Can it pull information from areas that previously it could not? Can it actually action on these? Can one determine, via MCP or something of that nature, what the security posture should become and what steps need to be taken next? It is truly dependent on the underlying infrastructure and technologies, less about the interface itself.

AI features have not quite been used to automate tasks yet. Having a human in the middle is still proving to be the best method for adoption because not many people are ready to give AI the wheel. Human involvement with enough refinement and inputs from that trusted human, and then eventually, companies should allow AI to fully automate their security processes within about a year.

Agent-to-agent is how Microsoft Security Copilot can be improved. Agent-to-agent is the next logical step in creating an automation chain where RBAC can be enabled to ensure that each agent only has a specific amount of permissions through least privilege and zero trust principles. The capability to then understand, detect, determine, and respond can be reduced even further.

There has been involvement in Microsoft Security for about eight years and in security as a whole for about ten years. When starting out, Microsoft Defender for Endpoint was not that great because it was brand new around the 2016 era. Sentinel had just released, and Defender for Endpoint was not really the top of the market best of breed, but the vision was clear that Microsoft was going to get it right eventually. The dedication to this journey has continued.

There has not been enough stability and reliability demonstrated yet. The hosting method is not known, which is a black box situation. When talking about confidentiality, integrity, and availability, availability is the critical concern. When relying on Microsoft Security Copilot as an organization and it goes down, the question becomes what happens then. How do you know it is going to fail over appropriately? Is it hosted in one area? Is it hosted in multiple areas? Is it distributed? None of that is known yet, and it does not appear that this has been revealed to the masses. However, as custom agents are built, organizations will be able to control that, which makes agent-to-agent even more important.

Microsoft Security Copilot is scalable for a growing organization. Scalability is the name of the game, involving understanding exactly where focus and money need to be placed and ensuring that where focus and money are placed can scale with the size, speed, and capabilities of organizations as they adopt AI in the workplace.

The experience of deploying it is that if you know what you are doing and know where to go, it is very easy and literally a click of a button. If you do not, then there is apprehension. Education is going to be extremely important in the near future.

There is not enough documentation, and visual learning resources are needed. A 15-second video showing the process of pressing the button to get started would be helpful. The plan is to personally create those resources to show organizations exactly how to press that button without fear and what the repercussions and costs to the organization might be, ensuring protection so that a boss, CISO, or CFO does not come asking why there is a ten-thousand dollar bill.

Regarding the pricing, setup cost, and licensing, it was unreasonable before and was not realistic. No one was going to use it, and no one really did use it unless given some money to blow in the first month just trying to understand how to use it. The announcement this week has changed everything. Microsoft Security Copilot is now integrated with E5, providing four hundred SKUs for one thousand users who have E5, up to ten thousand users. If buying E5, everything is now included.

AI in Microsoft Security Copilot for incident response is effective. Full-time employees represent a longstanding known problem that most organizations are not serviced enough with or do not have enough to actually handle the volume that they receive. The goal of Microsoft Security Copilot is to bridge that gap and solve a problem that has been known to exist for a long time. The review rating for this product is 7.

Our primary use case for Microsoft Security Copilot is accelerating SOC investigations, threat hunting, and incident analysis by summarizing telemetry across Defender XDR, Sentinel, Identity, and endpoint data. We mainly use it to reduce analyst investigation time, generate KQL queries, correlate alerts faster, and assist junior analysts during triage and incident response workflows.

Microsoft Security Copilot improves consistency across analysts with different experience levels during investigations. It helps junior SOC analysts understand attack context, recommend response actions, and telemetry correlations much faster, which improves overall triage efficiency and reduces escalation dependency for common incidents on the senior analysts.

The best features in Microsoft Security Copilot are AI-assisted incident summarization, automated telemetry correlation, KQL query generation, and contextual investigation guidance across Microsoft security products. The biggest operational value comes from reducing analyst investigation time, helping junior analysts during triage, and accelerating threat hunting by converting manual natural language prompts into actionable security insights and queries.

The AI-assisted incident summarization feature helps our SOC team quickly understand the full attack story without manually reviewing every alert and telemetry source. In practice, it correlates identity, email, endpoint, and cloud activity into a readable investigation summary with impacted assets, attack sequence, indicators, and recommended actions, which significantly reduces triage and escalations during active incidents.

Microsoft Security Copilot assists with threat hunting and investigation workflows using natural language prompts. It helps analysts generate KQL queries, summarize large alert databases, and quickly pivot across Defender XDR and Sentinel telemetry without manually building every investigation from scratch.

Microsoft Security Copilot positively impacted our SOC operations by reducing investigation time, improving analyst efficiency, and accelerating incident triage across multiple Microsoft security platforms. The initial alert triage and investigation time reduced by roughly 30 to 50% because analysts spent less time manually correlating telemetry and building queries. The junior analysts became more effective during incident handling, which reduced unnecessary escalation to the senior SOC resources. The threat hunting and KQL generation became faster and more consistent, especially during high alert volume periods or active phishing or ransomware investigations.

Microsoft Security Copilot could improve in response accuracy and consistency for highly complex investigations involving large data sets or multi-stage attack scenarios. We would appreciate deeper customization for prompts, stronger third-party security tool integrations, better context retention across investigation sessions, and more granular control over how recommendations and summaries are generated for SOC workflows.

Microsoft Security Copilot could benefit from strong long session memories and investigation context retention across multiple analyst handoffs. We would also appreciate tighter integration with third-party SIEM or SOAR ticketing platforms, plus better control over response explainability so analysts can validate why certain conclusions or remediation recommendations were generated.

I have been using Microsoft Security Copilot for two and a half years.

Microsoft Security Copilot is stable.

It is scalable because it is cloud native, so there is no impact on performance when it is scaled from a small enterprise to a larger enterprise or a very large enterprise.

The customer support is good. Their customer support is very good. Most of the time, we resolve issues by reading the documentation and knowledge base articles rather than contacting customer support. However, the customer support representatives are really good, and their response time and expertise are very good.

Previously, I did not use any AI-assisted security tool such as Microsoft Security Copilot. Instead, we relied on the free, open-source AI assistant tools available, such as ChatGPT and OpenAI.

The setup was relatively simple within the Microsoft Security ecosystem, but the licensing and consumption-based cost management required careful monitoring to avoid unexpected operational expenses during high analyst activity or large incident investigations.

We started seeing the ROI with Microsoft Security Copilot, mainly to reduce analyst investigation time and improved SOC efficiency during high alert volumes. The initial triage and incident investigation time reduced by roughly 30 to 40% because the analysts spent less time manually correlating telemetry and writing KQL queries. Junior analysts became productive faster, which reduced dependency on senior SOC resources for routine investigations and phishing incidents. Threat hunting and incident summarization workflows became significantly faster during large-scale phishing or ransomware investigations, helping the team manage more incidents without increasing SOC headcount proportionally.

Our experience for pricing for Microsoft Security Copilot is still on the higher side for continuous SOC uses, especially in large enterprise environments with heavy investigation workloads. The setup was relatively simple within the Microsoft Security ecosystem, but the licensing and consumption-based cost management required careful monitoring to avoid unexpected operational expenses during high analyst activity or large incident investigations.

Before adopting Microsoft Security Copilot, we evaluated AI-assisted capabilities from platforms such as Google Security AI and CrowdStrike Charlotte AI. We selected Microsoft mainly because of the native integration with Defender XDR, Sentinel, Identity, Endpoint, and email telemetry, which gave analysts a more unified investigation experience across the Microsoft security ecosystem.

If any customer is willing to buy this product, I would recommend blindly going for this product because it is a very good product. My advice for organizations considering it is to treat it as an analyst acceleration platform rather than a replacement of SOC expertise, and I would also recommend checking with the Microsoft sales representative for a good deal and negotiating with them regarding the pricing. I gave this product a rating of 8.

Public Cloud

Microsoft Azure

My main use cases for Microsoft Security Copilot include summarizing policies, auto threat detection, auto remediation, and auto aligning the SOC teams to take actions.

The features of Microsoft Security Copilot that I prefer the most are the ability to have everything in one unified platform. That is what excites us the most. We don't have to toggle between different tools, so it seamlessly integrates a lot of what we do into one common platform. Centralization is the biggest use case.

We are exploring the agentic AI feature to automate security and IT tasks, but we haven't deployed it yet.

The integration of generative AI in Microsoft Security Copilot for incident response is really helpful. One of the incident response features is definitely very helpful, and identity and access management has been a true differentiator for us when we are using Microsoft Security Copilot.

The features of Microsoft Security Copilot have benefited our organization by bringing in a lot of efficiencies between teams. There are a lot of roles that come together when security is involved. We have an IT admin, a security admin, a policies team, and a SOC team. Having that one unified platform makes it super easy for teams to collaborate, and it brings in a lot of efficiencies for the team.

The features of Microsoft Security Copilot that I prefer the most are the ability to have everything in one unified platform in a single place. That is what excites us the most. We don't have to toggle between different tools, so it seamlessly integrates a lot of what we do into one common platform. Centralization is the biggest use case.

Microsoft Security Copilot can be improved by addressing the ambiguity around agents at the moment. Teams do not fully understand agents, so guidance and handholding for clients in that space would be useful. Otherwise, the security products are known generally, but it's the agentic capabilities where our organization is still in the agentic journey. We are still a bit behind because we really need that guidance.

I would assess the stability and reliability of Microsoft Security Copilot as fairly strong. I have not experienced any downtime, crashes, or performance issues.

We have expanded usage of Microsoft Security Copilot. The process to expand usage has some hiccups. It's primarily because a lot of our people are still learning AI and agents, but other than that, it's been fairly smooth.

I don't know how to evaluate my customer service and technical support experiences.

Neutral

Prior to adopting Microsoft Security Copilot, I was not using another solution to address similar needs.

I would describe my experience with deploying Microsoft Security Copilot as fairly quick.

I'm not close to the ground challenges that the technical teams might have faced, but in general, the feedback has been good.

There is definitely a return on investment with Microsoft Security Copilot. It reduces the overall effort by 20 to 25%, but I'm not in the budgeting area, so I don't know the actual ROI that our budgeting team tracks.

I don't have a lot of experience with the pricing, setup costs, and licensing.

Before selecting Microsoft Security Copilot, I considered CrowdStrike and Palo Alto. What stood out in my evaluation process when comparing them is that Microsoft has a more holistic approach to security. There is more with the whole approach with Sentinel One, Purview, infra, and Intune; it brings together the whole ecosystem. In general, Microsoft can be your one-stop shop for security, which a lot of these other vendors are not.

The impact of the integration of Microsoft Security Copilot with other Microsoft security solutions including Purview and Data Security Posture Management is that our organization hasn't rolled out everything yet. We are in the phase where, for example, Purview also has a Microsoft Security Copilot component, and Intune also has a copilot component. Our organization is still in the early days of realizing those benefits through integration, but wherever we have done that, we have seen early success.

The advice I would give to another organization that's considering Microsoft Security Copilot is to look at the holistic portfolio of Microsoft from the security standpoint. Microsoft can be a one-stop shop for all your security needs, so you don't need to have multiple solutions from different vendors in place. If you are a Microsoft shop using Microsoft 365 and all of that, Microsoft could be the one to take care of all your security needs. I would rate this solution a 9 out of 10.

Microsoft Security Copilot is primarily used for Copilot purposes.

The features of Microsoft Security Copilot that I find most valuable are Endpoint Manager.

We are still exploring examples of how these features have benefited our organization. We haven't gone live yet, as we are currently in a pilot phase.

The integration of generative AI and Microsoft Security Copilot for incident response is really helping us. We appreciate the automation and self-healing capabilities.

Governance is an area where Microsoft Security Copilot can be improved, and it should be included as an additional feature in the next release.

I have been using Microsoft Security Copilot for approximately the last four months.

Regarding the stability and reliability of Microsoft Security Copilot, I have not experienced any downtime, crashes, or performance issues so far.

We should know how well Microsoft Security Copilot scales with the growing needs of our organization after we complete the POC.

My experience with customer service and technical support has been excellent, with no issues to report, and I would give it an eight.

Positive

Prior to adopting Microsoft Security Copilot, we were using a bunch of third-party products to address similar needs.

My experience with deploying Microsoft Security Copilot was straightforward and easy.

Even though it has been about four months, I have not yet seen a return on investment.

My experience with the pricing, setup costs, and licensing is that we manage them.

We did not shop around much before selecting Microsoft Security Copilot.

The impact of the integration of Microsoft Security Copilot with other Microsoft security solutions such as Purview data security posture management on our organization's security posture has not been felt, as we haven't done any integration yet.

Our plan is to use the Microsoft Security Copilot standalone portal to build, test, and deploy our own security copilot agents.

My view on the effectiveness of Microsoft Security Copilot's natural language interface in evaluating team expertise is that it has been positive so far. We are still learning.

We have not yet used the agentic AI feature to automate security and IT tasks.

We have not yet used the new security store to discover the autonomous security copilot agents.

Regarding whether Microsoft Security Copilot has helped reduce our organization's mean time to resolution, we are hoping for this benefit. We haven't gone live yet, as we are still in a pilot phase.

My advice to another organization considering Microsoft Security Copilot is to definitely try it out because we do appreciate a lot of the features that we want to use. I would rate this product an eight overall.

Microsoft Security Copilot has been in use for almost a year, integrated with the complete stack that includes M365 and agentic AI plus security. As Microsoft CSP partners, we deploy Microsoft Security Copilot for customers, allowing them to integrate their data with Microsoft Sentinel and other technologies to discover any issues that have occurred in the organization. Customers can write a prompt and receive all incidents that have happened in the organization, consolidated by the AI engine to help discover findings in approximately ten minutes instead of five hours.

Every engagement with customers starts with a conversation about secure score, where we assist in assessing anything related to identity or data. If there is a lack on the data side, we help them with Microsoft Purview, and for identity issues, we have Defender for Identity, enabling the necessary tools. When discussing Purview, it now has all the AI infusion that enhances its collaboration with the overall suite, effectively benefiting the customer.

The Security Copilot standalone portal is not used on a day-to-day basis by me, as the team manages it, but it is understood to be working well. I am more hands-on with M365 and Copilot Studio at a day-to-day productivity level, while the team is actively enabling Microsoft Security Copilot for customers.

The options for scalability with Microsoft Security Copilot are endless, and the goal is to encourage all employees to use this engine. By employing agents with agentic AI, tasks that typically take hours are reduced to minutes.

The way Microsoft Security Copilot integrates with the whole ecosystem is valuable, as it works seamlessly with Microsoft Sentinel and other frameworks. The data is obviously important, and AI itself will not have any value without the specific data lying in the underlying systems, making its integration with all the incoming information valuable.

The experience of the team using Microsoft Security Copilot has been amazing, as there are many customization options available. It integrates into the whole system, becoming the first layer of interaction for customers to figure out what is happening. Previously, customers needed to run queries to find specifics like event ID 1903, but now it is just a single prompt to check how many machines are affected. The way it helps customers discover issues within their organization is truly valuable.

Microsoft Security Copilot has helped us and our clients reduce the mean time to resolution significantly.

Microsoft Security Copilot really helps the overall NLP picture.

Microsoft Security Copilot can search both the internet and the data inside your organization using the Microsoft 365 Graph. This grants users access to powerful insights that would normally take hours to find, from a single prompt.

The flexibility to have more integrations with other available security tools would improve Microsoft Security Copilot, particularly with third-party integrations to enhance ease.

Regarding pricing, it is a bit high, as each time it is discussed with customers, pricing becomes a challenging topic. This is an area worth investigating for potential improvement.

I have been an MCT for more than seven or eight years.

Although there was a recent CrowdStrike outage, things have been smooth, and there have not been any significant issues with Microsoft Security Copilot.

The options for scalability with Microsoft Security Copilot are endless, and the goal is to encourage all employees to use this engine.

The option to open support tickets with Microsoft's customer service and technical support is available, and that process is utilized.

The experience with Microsoft support varies depending on the level of the ticket. Unified support makes more sense, but normal support has been rough for some customers.

Neutral

Being a Microsoft partner allows for Microsoft Security Copilot licenses to be received for free, which makes stating an ROI challenging. However, from the customer's perspective, this would likely make more sense as a question.

The deployment experience of Microsoft Security Copilot would need to be confirmed with the team, but overall, it has really improved daily productivity as the team leverages the RAG engine for emails and improved operations.

Many organizations encountered are using ChatGPT and the paid version, and the strongest pitch lies in the seamless transition between work and web profiles. The review rating for this product is eight out of ten.

I appreciate the recommendations that Microsoft Security Copilot provides. The feature is most beneficial during the cold start when I need to begin analyzing something, as it gives me the first few steps, which is helpful and saves time.

The integration of generative AI in Security Copilot for incident response is quite effective, primarily because of the cold start capability. In incident response, you must act quickly, and sometimes you miss things because you start too slowly or don't follow all the right procedures at the beginning. This tool provides a solid checklist right from the start.

I did not observe a significant impact from the integration of Security Copilot with other Microsoft security solutions, as it was simply working in parallel with this new feature.

Occasionally the tool is slow, and sometimes it experiences hallucinations. However, overall, my view on the effectiveness of Security Copilot's natural language interface in elevating team expertise is that it performs quite well.

I am uncertain why it is slow for us; the slowness is random. I ask a question, and sometimes it takes time to respond or does not provide an accurate answer. This is typical for large language models, so I try not to be overly concerned, but it does happen occasionally.

My thoughts on how Microsoft Security Copilot can be improved include that I assume the context and training the agent has are limited to security, which is expected. However, I would expect it to be faster than other agents. Therefore, slowness and hallucinations are detractors.

I have been using Microsoft Security Copilot for about one year.

I would evaluate the stability and reliability of Microsoft Security Copilot as decent, as there were no issues other than some slowness from time to time. I have not experienced any downtime, crashes, or performance issues, so there is nothing to report.

I would assess how well Microsoft Security Copilot scales with the growing needs of my organization as not applicable since we do not grow as quickly. We are a very small company and plan to stay small.

I did not need customer service and technical support, so there were no issues. I cannot rate customer service and technical support on a scale from one to ten, as the rating is not applicable since we never contacted them.

Prior to adopting Microsoft Security Copilot, we used ChatGPT in general to get responses, but it was difficult because it does not have all the context, and we do not want to put customer data in there directly. We did not have another tool that was displaced by this adoption.

The factors that led me to consider a change were mostly concerns about trust with personally identifiable information. We do have licenses from both OpenAI and Microsoft that technically say the same thing, but the trust we place in Microsoft at a high level is higher than the trust we put in OpenAI as a smaller startup.

My experience with deploying Microsoft Security Copilot is that it is straightforward. What was straightforward about it was that there was nothing that was different, unique, or any different from other platform products, so it was uncomplicated, and I did not have any issues with it.

We did not encounter any challenges with Microsoft Security Copilot, as everything worked as expected. Being a very small deployment, there were not too many kinks or anything unusual in the environment.

I do not know yet if I have seen a return on investment with Microsoft Security Copilot, as we need to measure it, so it remains unknown. I have not measured whether Microsoft Security Copilot has helped reduce my organization's mean time to resolution, so I cannot say, but I assume so.

My experience with pricing, setup costs, and licensing was mostly positive, as we are a very small client and did not have any issues with that.

Before selecting Microsoft Security Copilot, we were considering Anthropic or another open source model, Nemotron from NVIDIA, which is excellent.

What stood out to me in my evaluation process when comparing these options was that open source is free and can be hosted on-premises, so there would be no issues with customer data. However, speed is an issue with those solutions, as you then need to maintain your own infrastructure. Anthropic seemed to have better performance than OpenAI for our use case, but it did not feel like we would be solving the trust issue. Microsoft eventually became the solution we started using. We are still evaluating, so we do experiment with other products in parallel. If there is another product that is better, we will move, but for now, Microsoft Security Copilot works well for us.

The advice I would give to other organizations considering Microsoft Security Copilot is that they should try it. I have not used the Security Copilot standalone portal to build, test, and deploy my own Security Copilot agents. I have not used the agentic AI feature to automate security and IT tasks, as we do not automate anything at this time, mostly due to trust concerns. We have not used the new Security Store to discover autonomous Security Copilot agents, as we do not use autonomous features yet. I would rate this product overall as an eight out of ten.

My main use cases for Microsoft Security Copilot include our SOC operations in our organization where we provide service to clients, and we're using it to plan our week in terms of the activities and the priorities for each one of our clients.

We're using it sporadically or when we're investigating a particular incident. Unfortunately, we are turning it on and off because of price constraints.

It helped us generate insights for a client quickly and allowed us to present them in a very intelligent way to the customer. The customer made the decision to go for full adoption of Intune because of our reports.

It does a good job of analyzing security across different areas. We use Microsoft Sentinel. It does a good job of working with Microsoft Sentinel and correlating all of those incidents. It has helped a lot. Unfortunately, it's not constantly used in our operations. It's purpose-driven, so we end up being limited. I wish it were not so expensive, so we could use it more broadly.

Microsoft Security Copilot has enhanced our ability to translate technical language to language that we can discuss with managers or senior executives. It helped us to present information to senior executives. 

Microsoft Security Copilot has benefited our company primarily through speed. The integration is easy, which is fantastic. It eliminates one big hurdle that we usually have when adopting or proposing new technologies, which is a big positive for us. The ability to look at everything at once is very positive when doing analysis. It points you to where that information is coming from. That is fantastic because then we can go straight to the source of the issue and get things addressed quicker.

Microsoft Security Copilot has helped reduce our company's mean time to resolution. The reduction in time varies case by case, but we have had instances where it reduced the time by days. We try to look at the most complex use cases because whenever we use Microsoft Security Copilot, we have to turn on the meter. We try to be picky about the use cases and go for ones that would take us a lot of time.

I appreciate the ability to interact with the security data. Microsoft Security Copilot's ability to process security data is very good. It has helped us investigate some specific use case scenarios. Once you get the gist of it, it's great. If you just play around with it, not knowing what you're doing, it does not always give you what you are looking for. If you're trying to be too broad, it cannot always provide the most accurate information.

The AI-driven guidance and analysis of Microsoft Security Copilot is very good to have. It's built into the product, but it comes at a cost. We cannot use it on a daily basis. We need to be very purpose-driven.

For many customers, it's too expensive. It comes at a price. What we end up doing is activating it for the purpose of extracting an action plan, then we turn it off. So, unfortunately, for most customers, we're not using it constantly. We're using it sporadically or while investigating a particular incident. We are turning it on and off because of price constraints.

More transparency is needed. The pricing model should also be different. To improve Microsoft Security Copilot and make it the best solution in the market, the main hurdle today is cost. If a way could be found to make it more cost-effective and streamline the licensing mechanism, they have the technology to succeed in the marketplace. It's potentially better than what's out there.

I have been using Microsoft Security Copilot for about a year.

For stability, I would rate it a nine out of ten. For reliability, I would go with a six out of ten. We still have to validate many things. There are circumstances where we expected certain things to surface through our prompting with Microsoft Security Copilot, but they did not come up. That makes us anxious about whether the results are indeed comprehensive and total.

We don't have any concerns whatsoever with scalability. Even though we have several clients, it has never been a problem. We haven't used Microsoft Security Copilot for any particular customer on an ongoing basis as an everyday tool yet, so I don't know how that would behave, but for our use cases, scalability is not an issue.

I hear mixed experiences from our customers regarding the customer service and technical support from Microsoft. That's not our experience since we have a good relationship with Microsoft, and we can usually find our way past roadblocks. However, many of our customers report mixed experiences with Microsoft support. Based on our customers' experiences, I would rate their support a seven out of ten.

Neutral

My experience deploying Microsoft Security Copilot is easy; that's the best part. We never had any problems with the deployment of the solutions.

My experience with deploying Microsoft Security Copilot in terms of working with Microsoft's team is very good. We always get support, guidance, and insights when needed. I think the partner material to present it to customers could be improved.

The biggest return on investment that I've seen when using Microsoft Security Copilot is the ability to scale. We produce more without having to add more resources to the team.

Its pricing scares our customers the most. They didn't understand that it would generate such a cost. Once they understood, they became defensive about wanting to commit because it's not clear to them what the costs would be. We, as partners, need to do a better job explaining it and showing the value because many clients struggle to make the connection between how much they pay and the return on investment.

For us, the licensing is fairly straightforward, but we have a team dedicated to it. However, it's a little bit complex for customers.

As a Microsoft partner, I wouldn't choose another solution. We are biased, and we learn it so we can serve our customers and Microsoft customers with it. We are focused on Microsoft technologies.

We have played around with a few tools that do the same thing as Microsoft Security Copilot, but our experience has been very limited, more to just getting a sense of what's out there. From a performance perspective, Microsoft Security Copilot seems to be doing better than other tools, but from a commercial perspective, other tools are offering better deals for the customer, allowing the ability to use AI at a lower cost. The perception of the customer is that they can get AI from another provider at a lower cost compared to Microsoft's offerings.

A customer was comparing SIEM solutions, such as Microsoft Sentinel. One of the SIEM solutions offers integrated AI and does similar things to Microsoft Security Copilot. The cost is included in the cost of SIEM, which seems to be a better deal for customers from a cost perspective.

I would rate Microsoft Security Copilot a seven out of ten due to two things: the reliability, which still needs some work, and the commercial aspect. Those two aspects bring it down to a seven.

Public Cloud

Microsoft Azure

We are one of the earlier adopters of Microsoft Security Copilot. The security piece of Microsoft Security Copilot has not been operationalized.

We are primarily targeting our IT project managers and program managers with Microsoft Copilot to make their lives easier. Especially from an implementation standpoint, we have got reports feeding and capturing minutes of meetings. This reduces the manual effort. 

We find it secure. The security guardrails that have been set for it to explore and get the required information are working flawlessly.

Integration with email and documents is valuable. It has been wonderful for us with Microsoft Copilot, especially when trying to find information within the organization. It is doing a fantastic job and has established how securely it can process the data.

One of the pain areas I have with Microsoft is that most of the security gets checked in only with E5. There is a very limited set of things one could do with E3. For a large customer, moving from E3 to E5 is a significant investment. I do not have that luxury today to switch, but Microsoft needs to give at least some kind of à la carte option between E3 and E5, maybe an E4, to cherry-pick from E5.

Excel calculation is something I would want Microsoft Copilot to improve. It cannot do every calculation that OpenAI can do when given a problem statement. Considering that Excel is the home ground for Microsoft, we should be able to do a lot more in Excel. That would benefit us largely. I find myself often going back and forth, solving problems. I have to use ChatGPT, which is pretty accurate, but when I try to give the same commands with Microsoft Copilot integrated into Excel, it is less effective.

I would assess the stability and reliability as a nine out of ten. It is very reliable for us.

It's pretty light. We started off with 500 users, and we might go up as we are roughly about 40,000 users with a couple of use cases. We have plans to expand. There has been a lot of interest among people in both the IT and business sides of the organization. This gave us a fair idea of the sweet spot in terms of the licenses we might end up with.

I would rate their customer support a nine out of ten.

Positive

We were using a different solution. That was the beginning of our AI journey.

I would rate it an eight out of ten.

Hybrid Cloud

My main use case is to design our activations to sell the products.

The feature I like the most about Microsoft Security Copilot is being able to triage and know what is the most important thing to fix for deficiencies or things that are just not effective.

I can provide an example of how it benefits the company: we sell more products. It helped me reduce the mean time to resolution very quickly. I would say it reduces the mean time to resolution by maybe fifteen minutes. Before, the time to resolution was approximately an hour.

I think it can be improved by having more users feeding it information because the more things it pulls from, the more we teach it and it builds on it. More users means more ways to fix and build upon it.

I have been working in my current field for two to three years.

I did not face any challenges at some point; I did not have crashes or downtime. I would say it is very reliable and stable. It is very reliable and very easy to use.

I did not think of other solutions before choosing this one.

I would describe the experience deploying it as very easy. I think they give us all the tools, they give us the support, they give us the program managers, the product managers, and then it is easy to deploy.

I can say that I have seen a return on investment from having it.

I do not have any experience with the pricing, setup cost, and the licensing.

I have been using Microsoft Security Copilot for two to three years.

I am not using it as a standalone portal to build, test, deploy and deploy my own Microsoft Security Copilot agent.

My view on the effectiveness of Microsoft Security Copilot natural language interface is that each year it gets better. It is pretty effective, but I think each year it gets better in defending more and more threats because every year threats get larger and bigger. And so it only gets better. I know we are releasing new things at the conference this year that will even be better.

I have not used the agentic AI feature to automate security, but I know our agents work.

My thoughts on the integration of generative AI in it for incident response are that it saves us time and money. Before it would take an hour to triage an incident to fix it. Now it takes maybe ten to fifteen minutes.

I think I have used it to discover the autonomous Microsoft Security Copilot agent.

I give this product a rating of ten out of ten. I want to add: go buy Microsoft Security Copilot.