This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
A security analyst frequently runs the same set of prompts to investigate failed sign in attempts in Microsoft Entra. What should the analyst create to avoid entering these prompts manually each time?
A custom plugin
A custom promptbook
A new workspace
An insider risk alert in Microsoft Purview indicates that a user copied sensitive data to a USB device. Which capability does Security Copilot provide to help investigate this alert?
Automatically blocks the USB device from further use
Summarizes the user's activity and identifies key risk patterns
Generates a compliance report for the user's manager
A security analyst is investigating a complex incident in Microsoft Defender XDR that involves dozens of alerts across multiple devices. How does Security Copilot assist with this investigation?
It automatically resolves the incident and closes all related alerts
It restricts access to the affected devices until the investigation is complete
It summarizes incident activity, connects related events, and provides guided responses
An organization needs to identify unlabeled documents before a cloud migration. Which Microsoft Purview feature, enhanced by Security Copilot, helps analyze eDiscovery search results to assess compliance risk?
Activity explorer
Data Loss Prevention (DLP) alerts
eDiscovery content search with Security Copilot summarization
What determines the security data a Copilot contributor can access within Security Copilot?
The plugins that are enabled in the workspace
The contributor's Microsoft Entra and Azure RBAC roles
The owner settings configured for the workspace
You must answer all questions before checking your work.
Was this page helpful?
Need help with this topic?
Want to try using Ask Learn to clarify or guide you through this topic?