How to Connect Microsoft Security Agents to Security Copilot

Windows 11 » How To
Milan Stanojevic
Milan Stanojevic Shield
Windows Toubleshooting Expert
How To
Reading time icon 4 min. read

Calendar icon Published on

microsoft security agents
XINSTALL BY CLICKING THE DOWNLOAD FILE
A message from our partner

Fix Windows 11 OS errors with Fortect:

  • Download Fortect and install it on your PC
  • Launch the tool and Start scanning to find broken files that are causing the problems
  • Right-click on Start Repair to fix issues affecting your computer’s security and performance
Download Now Fortect has been downloaded by 0 readers this month, rated 4.6 on TrustPilot

Microsoft Security Copilot uses advanced security agents that analyze threats, correlate signals, and automate investigation tasks. To use it effectively, you must install the required components and configure permissions, data sources, and plugins. Follow the steps below for a complete setup.

Table of contents

How to install Microsoft Security Copilot

Check subscription requirements

Before setting up Security Copilot, confirm that your tenant meets all licensing and role requirements.

  1. Sign in to the Microsoft 365 Admin Center.
    Image
  2. Confirm that your tenant has Security Copilot licensing.
  3. Verify that you have Global Admin or Security Admin permissions.
  4. Ensure your tenant uses Entra ID and that Defender services are active.

You can review how Microsoft security components work here: Windows 11 security overview

Enable Security Copilot in the admin portal

After verifying requirements, activate Security Copilot inside the Microsoft Security portal.

  1. Go to security.microsoft.com.
  2. Open Settings.
  3. Select Security Copilot.
  4. Enable Security Copilot for the tenant.
  5. Assign access to the users or groups who will use it.

Install Security Copilot plugin tools

Install the Copilot interface tools to access the service from your browser.

  1. Open the Microsoft 365 Apps portal.
  2. Install the Security Copilot extension for Edge or a supported browser.
  3. Sign in with your work account.
  4. Verify that the Copilot icon appears in the Microsoft Security portal.

Connect Defender and Sentinel signals

Security Copilot relies on incoming security signals for analysis and guidance.

  1. Open the Microsoft Security portal.
    Image
  2. Select Settings.
  3. Open Data connectors.
  4. Connect Microsoft Defender XDR, Microsoft Sentinel, and Entra ID logs.
  5. Confirm that log ingestion is active.

For deeper configuration details, check: Windows Defender settings explained

How to configure Microsoft Security Copilot

Configure access control

Role based access ensures only approved users manage or use Copilot features.

  1. Go to the Entra ID admin center.
    Image
  2. Open Roles and administrators.
  3. Assign Global Administrator, Security Administrator, or Security Reader.
  4. Apply Conditional Access policies if needed.

Configure Security Copilot plugins

Plugins allow Copilot to access Defender, Sentinel, Purview, and Intune data.

  1. Open the Microsoft Security portal.
  2. Select Copilot.
  3. Open Plugin settings.
    Image
  4. Enable the plugins required for your workflows.
  5. Save changes.

Set up incident response automations

Automations help Copilot guide investigations and apply recommended actions.

  1. Open Microsoft Defender XDR.
  2. Select Automation.
  3. Create a new automation rule.
  4. Add actions such as device isolation or email remediation.
  5. Enable AI assisted guidance.
  6. Save the rule.

Configure security agent telemetry

Telemetry ensures Copilot receives complete endpoint data for analysis.

  1. Open the Microsoft 365 Defender portal.
  2. Select Settings.
  3. Open Device configuration.
  4. Enable advanced telemetry.
  5. Verify that devices report correctly.

General device security settings can also be reviewed here: How to use Windows Security

Customize Security Copilot scenarios

Scenario Builder helps teams standardize investigations and responses.

  1. Open Security Copilot in the Microsoft Security portal.
  2. Select Scenario builder.
  3. Create scenarios such as phishing or identity compromise.
  4. Add required data sources and investigation steps.
  5. Save the scenario for team use.

FAQs

What do Microsoft security agents do in Security Copilot

They gather signals from Defender, Sentinel, and Entra ID, then feed the AI engine for analysis and guidance.

Do I need to install Security Copilot on every endpoint

No. Copilot is cloud based and only requires licensing and portal access.

Does Security Copilot replace Microsoft Defender

No. Copilot enhances Defender by adding AI supported investigation and response.

Is Sentinel required for Security Copilot

No, but Sentinel improves the quality of signals used for AI analysis.

When fully installed and configured, Microsoft Security Copilot becomes a powerful AI driven tool for threat investigation, detection, and automated response. By enabling the correct plugins, connecting Defender and Sentinel telemetry, and assigning proper access roles, your organization gains faster insights and stronger protection across all endpoints.

More about the topics: security

Milan Stanojevic

Milan Stanojevic Shield

Windows Toubleshooting Expert

Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he spends most of his time learning about computers and technology. Before joining WindowsReport, he worked as a front-end web developer. Now, he's one of the Troubleshooting experts in our worldwide team, specializing in Windows errors & software issues.

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

User forum

0 messages