Microsoft Scenario Library Information Technology Perform a security incident investigation

Available with: Copilot for Security

Information Technology scenario: Perform a security incident investigation

Back to Information Technology Scenarios Download scenario guide

Scenario

Get helpful guidance for security investigations

1. Summarize incident

A security analyst wants to get a summary of an incident in Defender XDR or Unified Security Operations Platform.

Copilot icon

Copilot for Security

Prompt: Summarize Defender incident <DEFENDER_INCIDENT_ID>

Activity in embedded: Or open the incident page and click on the INCIDENT in the Defender XDR portal or Unified SecOps platform

The analyst wants to check how to respond to the incident.

Copilot icon

Copilot for Security

Prompt: How to respond to this incident?

Activity in embedded: Guided response offers actions that can be taken to remediate the incident

The analyst wants to check if the IP address involved belongs to a known threat actor.

Copilot icon

Copilot for Security

Prompt: What is the reputation for the IPv4 addresses observed in this incident?

The analyst wants to check which user devices may be impacted by generating a KQL query.

Copilot icon

Copilot for Security

Prompt: If a user is listed in the incident details, show which devices they have used recently and indicate whether they are compliant with policies.

Activity in embedded: Use the Generate KQL queries for advanced hunting option for a guided experience to

The analyst checks to see if the impacted devices have the latest operating system updates.

Copilot icon

Copilot for Security

Prompt: If any devices are listed in the previous output, show details from Intune on the one that checked in most recently. Especially indicate if it is current on all operating system updates.

Generate an incident report to document the incident and communicate with the leadership team.

Copilot icon

Copilot for Security

Prompt: Write an executive report summarizing this investigation. It should be suited for non-technical audience.

KPIs

Opportunity to impact key functional area KPIs

How Microsoft Copilot can help improve budget variance

Keep your budgets on track by improving employee and process efficiency.
Create internal feedback loop to identify cost saving areas:
  • Draft employee surveys focused on the value of resources utilized and ideas for cost savings
  • Analyze surveys to gain valuable insights into what makes employees happy or areas that need improvement within the organization

How Microsoft Copilot can help improve app usage rates

Create great onboarding experiences and collect and analyze feedback to improve user experiences
Create onboarding materials:
  • Use Copilot to draft training guides
  • Use Copilot to enhance employee handbooks
  • Generate news and announcements

How Microsoft Copilot can help improve the product adoption rate

Create great onboarding experiences and collect and analyze feedback to improve user experiences.
Create onboarding materials:
  • Use Copilot to draft training guides
  • Use Copilot to enhance employee handbooks
  • Generate news and announcements

How Microsoft Copilot can help improve NPS

Real-time AI assistance for faster issue resolution allows agents to focus on delivering high-quality service.
Incorporate feedback:
  • Rapidly analyze customer feedback
  • Quickly create recommendations
  • Swiftly update scripts and processes
  • Create communications to socialize the changes

How Microsoft Copilot can help reduce costs

Use the time savings gained from Copilot to bring activities in-house and reduce reliance on external resources.
Create internal feedback loop to identify cost saving areas:
  • Draft employee surveys focused value of resources utilized and ideas for cost savings
  • Analyze surveys to gain valuable insights into what makes employees happy or areas that need improvement within the organization

How Microsoft Copilot can help optimize service outage response

Copilot helps you work to get your services back up and running and maximize user satisfaction.
Respond to user complaint or inquiry:
  • Respond quickly to inbound emails
  • Access customer records for improved support
  • Gets answer fast by searching internal sites and documents

How Microsoft Copilot can help reduce average support ticket resolution time

Microsoft Copilot enhances customer support by integrating AI assistance into self-service and service desk workflows.
Increase support communications and follow up efficiency:
  • Have Copilot assist with emails inbound and outbound emails
  • Draft email comms and announcements with Copilot
  • Generate meeting notes and follow up items

The content in this example scenario is for demonstration purposes only. You should evaluate how Copilot aligns with your organization’s business processes, regulatory requirements, and responsible AI principles.