Implement Security Copilot across Microsoft Security workloads
Security
Modern SecOps with Unified Platform
Intermediate
Security Copilot

In this course, you will learn to deploy and configure Microsoft Security Copilot to deliver AI-powered security operations across Microsoft workloads. You'll explore embedded and standalone experiences, authentication and prompting techniques, promptbooks, plugins, connectors, agents, and integration with Microsoft security solutions. Through hands-on labs, you'll use Security Copilot to analyze alerts, investigate identity risks, gain threat intelligence, and extend its functionality with custom plugins and agents to streamline incident response, strengthen posture, and ensure compliance.

12 hours (Suggested: 3 days, 4h/day), Technical, Project Ready, Hands-on Labs

MS Course ID: 00060

Last Updated: Jan 23, 2026

Related Certifications

SC-200
SC-300

Course Syllabus

1

Get started with Microsoft Security Copilot

Module 1: Introduction and Setup

• Introduction to Security Copilot
• Requirements and Onboarding
• Authentication
• Licensing, Pricing and Capacity
• Exploring the Standalone and Embedded Experience
• Security Copilot Agents
• Microsoft Security Store

Module 2: Workspace and Core Usage

• Workspace Overview
• Prompting and Promptbooks
• Privacy and data security
• Responsible AI

Module 3: Extensibility

• Plugins
• Connectors
• Sample Use Cases
180 mins
Lecture
2

Interactive Simulated Lab Experience

• Lab 1 - Setting up the environment for Microsoft Security Copilot
• Lab 2 - Connecting Microsoft Sentinel in the Microsoft Defender Portal for Threat Hunting, Triage, Investigation, and Response
• Lab 3 - Creating a multi-stage incident in Microsoft Defender
• Lab 4 - Activating and exploring Security Copilot
• Lab 5 - Adding custom plugins to extend the capabilities of Security Copilot
60 mins
Lab
3

Accelerate Threat Response and Strengthen Identity and Endpoint Security

Module 4: Accelerate Threat Hunting and Incident Response with Defender XDR and Security Copilot

• Incident Investigation, Response, and Automation
• Threat Intelligence with Security Copilot
• Security Copilot agents in Microsoft Defender: Phishing Triage Agent, Threat Intelligence Briefing Agent, Threat Hunting Agent, Dynamic Threat Detection Agent
• Advance Threat Hunting with Microsoft Sentinel

Module 5: Strengthen Identity Protection and Access Control with Entra and Security Copilot

• Starter and Suggested prompts
• Microsoft Entra skills in Security Copilot
• Sign-in log troubleshooting
• Investigate risky user
• Application risk management
• Lifecycle workflow management
• Microsoft Entra agents: Conditional Access Optimization Agent, Access Review Agent (Preview)

Module 6: Simplify Endpoint Security, Management, and Troubleshooting with Intune and Security Copilot

• Data exploration
• Policy and setting management
• Device details and troubleshooting
• Manage Windows 365 Cloud PC
• Microsoft Intune agents: Vulnerability Remediation Agent, Change Review Agent, Policy Configuration Agent, Device Off-boarding Agent
180 mins
Lecture
4

Interactive Simulated Lab Experience

• Lab 6 - Security Copilot - Microsoft Defender embedded Copilot to standalone Copilot investigation
• Lab 7 - Using Security Copilot embedded and standalone portal to get threat intelligence
• Lab 8 - Set Up and Configure the Phishing Triage Agent in Microsoft Defender XDR
• Lab 9 - Configure and Use the Threat Intelligence Briefing Agent to Generate Environment-Specific Threat Reports
• Lab 10 - Identity Risk Investigation and Mitigation with Microsoft Security Copilot in Microsoft Entra
• Lab 11 - Implement Conditional Access Optimization Agent (Preview) to Assess Your Digital Estate
• Lab 12 - Configure Device Offboarding agent in Intune
60 mins
Lab
5

Uncover Data Risks, Elevate Compliance, and Remediate Cloud Threats

Module 7: Uncover Data Risks, Insider Threats, and Compliance Gaps with Purview and Security Copilot

• Supercharge Data Security Posture Management (DSPM) with Security Copilot
• Enhance DLP Investigation and Policy Insights
• Investigate insider risk activities
• Prioritize High-Risk Alerts with Alert Triage Agents
• Summarize Review Set Items in eDiscovery
• Simplifying Compliance Analysis
• Empowering Multiple Personas with Security Copilot in Purview

Module 8: Remediate Cloud Risks and IaC Misconfigurations faster with Defender for Cloud and Security Copilot

• Summarize, remediate, and delegate recommendations
• Remediate Infrastructure as Code (IaC) misconfigurations

Module 9: Gain Contextual Insights and Uncover Malicious Traffic with Azure Plugins in Security Copilot

• Gain contextual insights with the Azure AI Search (Preview) plugin
• Investigate malicious traffic with the Azure Firewall (Preview) plugin
• Analyze WAF logs with the Azure Web Application Firewall (Preview) plugin

Module 10: Reduce Risk Exposure with Surface Management and EASM Plugins in Security Copilot

• Use Surface Management plugin to improve device security posture and reduce risks
• Use the Defender EASM (Preview) plugin to analyze external attack surface and identify critical risks

Module 11: Automate with Agentic Experiences

180 mins
Lecture
6

Interactive Simulated Lab Experience

• Lab 13 - Creating DLP Policies and Analyzing Alerts with Purview and Security Copilot
• Lab 14 - Implementing Alert Triage Agent in Purview DLP
• Lab 15 - Streamline Incident Response with Alert Triage Agent in Purview IRM
• Lab 16 - Analyze Microsoft Defender for Cloud Recommendations with Security Copilot
• Lab 17 - Investigate Microsoft Sentinel Incidents using Defender for Cloud and Security Copilot
60 mins
Lab

What You'll Learn

Understand core concepts and best practices
Hands-on experience with real-world scenarios
Learn from certified Microsoft experts
Prepare for relevant certifications
Access to lab environments
Post-training support and resources

Course Details

Duration: 12 hours
Level: Intermediate
Role: Technical
Course Type: Project Ready
Partner Segment: SMB, Enterprise
Course Stage: Available
Hands-on Labs: Yes
ESI Course Code: DW-370

© 2026 Technofocus. All rights reserved.

Sponsored by Microsoft Partner Enablement