

Responsible AI FAQ for Microsoft Security Store Advisor

This FAQ describes how Responsible AI (RAI) principles apply to Microsoft Security Store Advisor, including how the system works, its intended uses, limitations, and how Microsoft evaluates and improves the experience.


What is Microsoft Security Store Advisor?

Security Store Advisor is an AI-powered, natural language experience in the Security Store. It helps customers discover relevant Microsoft and partner security agents, SaaS solutions, and services to meet their security outcomes. Agents, SaaS solutions, and services are collectively referred to as solutions going forward.

  • Inputs: Natural language queries or prompts, such as "strengthen identity protection" or "improve ransomware resilience."

  • Outputs: Scenario-aligned solution recommendations and comparison views that list relevant security solutions with associated attributes, such as the solution's short description, integrated services, certifications, and more. These recommendations are based on detailed solution information such as solution name, description, certifications, integrated services, and more.

This release operates entirely in unauthenticated mode. You can use the Advisor without signing in.


What can Security Store Advisor do?

Security Store Advisor uses AI, including natural language processing and scenario matching, to:

  • Interpret user queries expressed in everyday language.

  • Map queries to information provided in security solutions to determine matches.

  • Surface relevant Microsoft and partner security SaaS solutions, agents, and/or services aligned to those scenarios.

  • Provide transparent rationale for recommendations, such as:

    • How each solution aligns to the scenario.
    • Key capabilities and integrations.
    • Ratings and reviews, where available.
    • Certifications and mappings to security frameworks (for example, NIST functions).
  • Support side-by-side comparison of similar offerings, such as:

    • SaaS security solutions
    • Security agents
    • Professional services

The Advisor is designed to help users move from a problem statement to a focused list of options, without requiring deep prior product knowledge.


What are the intended uses of Security Store Advisor?

Security Store Advisor is intended for:

  • Early-stage exploration: Helping customers understand what security outcomes are possible and which types of solutions address those outcomes.

  • Solution discovery: Guiding customers from a high-level security need (for example, identity protection, ransomware resilience, SOC modernization) to relevant solutions in the Microsoft Security Store.

  • High-level comparison: Allowing customers to compare similar offerings using transparent attributes such as capabilities, integrating services, pricing, ratings and reviews, and certifications, to support the customer's solution evaluation process.

Security Store Advisor is not intended to:

  • Make operational security decisions.

  • Replace security experts or security operations processes.

  • Directly configure, deploy, or modify security products or policies.

Customers should treat Advisor as a discovery and decision-support tool, not as an automated decision-maker.


How was Security Store Advisor evaluated? What metrics are used to measure performance?

Security Store Advisor was evaluated using Microsoft’s standard quality, security, and responsible AI processes for AI-powered features. Evaluation activities include:

  • Scenario-based testing to verify that Advisor responses are relevant to common security outcomes (for example, identity protection, ransomware resilience, insider risk).

  • Quality and relevance reviews of recommendations to ensure they align with the requested scenario and available product metadata.

  • Red-teaming and safety testing to identify and mitigate potential misuse, low-quality responses, or misalignment with responsible AI principles.

  • Ongoing monitoring and iterative improvement based on product telemetry and user feedback.

Microsoft does not publicly disclose specific numerical accuracy metrics for this experience. Instead, Advisor is evaluated for:

  • Relevance of recommendations to the user’s described scenario.

  • Consistency with documented product capabilities.

  • Clarity and transparency of rationale for recommendations.

Advisor is designed for broad, scenario-based discovery, not for narrow, high-stakes classification or automated decision-making. Users should always review solution details and documentation before making purchase or deployment decisions.


What are the limitations of Security Store Advisor? How can I minimize their impact?

The current Security Store Advisor release has the following limitations:

  • No personalization: Advisor doesn't use user identity, role, or past behavior to personalize recommendations.

  • No tenant or posture awareness: Advisor doesn't access or use tenant configuration, existing deployments, or security posture (for example, alerts, incidents, or active threats).

  • Unauthenticated experience only: All interactions occur without sign-in. Advisor doesn't use tenant data or Microsoft Entra ID information even if the user is signed in.

  • Informational-only output: Advisor doesn't deploy solutions, change configurations, or perform actions in your environment. It provides discovery and comparison information only.

  • Metadata and catalog-based: Recommendations are based on the Security Store solution catalog, solution details, and solution metadata. They might not fully reflect recent changes or niche configurations.

How to minimize the impact of these limitations:

  • Use Advisor as a starting point for exploration, not as the final decision-maker.

  • Always review the full product documentation and official marketplace or product pages before making purchasing or deployment decisions.

  • Consider your organization’s current environment, policies, and compliance requirements when interpreting recommendations.

  • When in doubt, involve your security architects, administrators, or trusted partners to validate the fit of any solution for your specific context.

What operational factors and settings allow for effective and responsible use of Security Store Advisor?

To use Security Store Advisor effectively and responsibly:

  • Use it for early-stage exploration and comparison. Advisor is most effective when used to understand options, compare offerings, and narrow down candidates for further evaluation.

  • Keep queries high-level and scenario-focused. Phrase questions around outcomes (for example, "detect insider risk," "improve cloud posture") rather than detailed environment specifics, which Advisor doesn’t access.

  • Validate details via authoritative sources. After Advisor suggests solutions, review:

    • Solution details
    • Official Microsoft documentation as needed
    • Partner solution documentation as needed
  • Do not rely on Advisor for urgent or high-stakes decisions. For time-sensitive security operations or incident response, use dedicated security products and processes such as Microsoft Sentinel, Microsoft Defender, and established SOC workflows.

  • Respect organizational governance. Align use of Advisor with your internal procurement, security review, and compliance processes.

This release doesn't expose user-configurable AI settings or customizations. All behavior is governed by Microsoft’s responsible AI and privacy standards.


Does Security Store Advisor store my queries or personal data?

No.

For this release, Security Store Advisor is designed so that:

  • User queries are processed transiently to generate responses.

  • Advisor does not store user queries or use them to build customer-specific profiles.

  • Advisor does not ingest or rely on tenant data, security posture, or deployment information.

All processing follows Microsoft’s standard privacy and security practices. Learn more: Microsoft privacy


Does Security Store Advisor use my tenant or security posture?

No.

In this release:

  • Advisor does not access your tenant, subscriptions, or security products.

  • Advisor does not use information about:

    • Active alerts or incidents
    • Existing deployments
    • Configuration or policy settings
    • User or device inventory

Does Security Store Advisor use AI? If so, how?

Yes.

Security Store Advisor uses AI to:

  • Interpret natural language queries and prompts.

  • Map those queries to details provided by the publisher for each solution.

  • Select relevant security solutions based on solution metadata and solution details mappings.

  • Present recommendations and comparisons in a structured, easy-to-understand format.

Advisor outputs are constrained by information provided by the publisher for each solution.


How do I provide feedback on Security Store Advisor?

Microsoft actively uses feedback to improve the quality, safety, and usefulness of Security Store Advisor.

You can provide feedback by:

  • Using any in-product feedback controls or response sentiment icons available in the Microsoft Security Store Advisor experience.

  • Working with your Microsoft account team to share feedback on relevance, coverage, or limitations.

  • Submitting feedback through your organization’s established channels for Microsoft products, if applicable.

When sharing feedback, include details such as:

  • The scenario or query you used

  • Which recommendations were helpful or unhelpful

  • Any missing solutions or incorrect information you observed


Where can I learn more about Microsoft’s approach to Responsible AI?

To learn more about how Microsoft designs and operates AI systems responsibly: