Bemærk
Adgang til denne side kræver godkendelse. Du kan prøve at logge på eller ændre mapper.
Adgang til denne side kræver godkendelse. Du kan prøve at ændre mapper.
This article provides an overview of the key personas and how you can discover, set up and use agents, and the related components in the workflow in Microsoft Security Copilot. Advanced users and developers can also build and publish custom agents tailored to their organization’s needs.
Start with agents
In newer onboarding experiences, agents are the primary way to begin working in Security Copilot.
Agents help you:
- Automate investigation workflows
- Perform repeatable tasks
- Guide analysis using structured steps
You can still use prompts and promptbooks alongside agents as needed.
Personas
Security Copilot agents span across three key personas:
Administrators - Discover and determine which agents to install, configure plugins, and review usage and success metrics of the agents.
End users (analysts or data security team; or IT admins) - Interact with agents or prompts by using workflow outputs and providing feedback.
For more information on use cases across personas, see Use cases.
Developers - Build and publish agents for internal use or broader organizational deployment. For more information on the developer documentation, see Build custom agents.
Work with agents, plugins, and connectors
Microsoft Security Copilot uses these capabilities to automate and extend security operations. Understanding how these components work together helps you choose the right approach for each scenario.
| Scenario | Recommended approach | Guidance |
|---|---|---|
| Getting started / investigation | Use agents or start a chat session with prompts | - Agents: Begin with prebuilt or recommended agents - Prompts: Start a session from All history → New session |
| Ad-hoc analysis | Use prompts and promptbooks | Prompting in Security Copilot |
| Repeatable workflow & integration | Use agents, plugins, and connectors | Plugins and Connectors |
| Automation | Use agents | - Review key agent terminology - Explore Discover agents - Review Use cases |
| Advanced workflows | Build custom agents, promptbooks, and custom plugins | - Agents: Build custom agents - Promptbooks: Build your own promptbooks - Plugins: Build custom plugins |
Combine agents and prompts
You can use agents together with prompts as part of your workflow:
- Start with an agent for structured workflows
- Use prompts to explore results or investigate further
- Return to agents for repeatable execution
This flexibility allows you to adapt Security Copilot to your workflow and operational needs.
Agents
An agent is an AI-driven security assistant or workflow that can autonomously execute and orchestrate tasks on behalf of security teams. Each agent has a defined goal such as triaging phishing alerts, generating a threat intelligence briefing, or remediating vulnerabilities.
You can discover Microsoft-built agents, deploy partner agents, or build your own custom agents.
Agents can be:
- Interactive – respond to user input in real time
- Automated – triggered by events or schedules
Plugins
When an agent needs information or needs to take action, it uses a plugin. A plugin connects Security Copilot to a security product or service and provides access to data and actions.
For example:
- Retrieve alerts from Microsoft Sentinel
- Query threat intelligence data
A Security Owner can enable or disable plugins, and developers can build custom plugins.
For more information, see Plugins overview.
Connectors
Connectors integrate Security Copilot with external systems and workflows.
Connectors can:
- Trigger agents
- Run prompts
- Start automation workflows
For more information, see Connectors overview.
Custom agents
If you are a developer, you can build and publish Security Copilot custom agents tailored to your organization's needs.
Security Copilot supports building, testing, and publishing agents for internal or organizational use.
For more information, see the Agent development overview developer content documentation.
Promptbooks
A promptbook is a reusable, multi-step workflow made up of natural language prompts. It guides Security Copilot through structured investigations such as analyzing incidents or generating reports.
Promptbooks can:
- Include multiple prompts
- Reference plugins or skills
- Be reused across workflows
Analysts can run promptbooks manually or as part of agent-driven workflows.
For more information, see Promptbooks.