Microsoft Security Copilot · Bootstrap & Entry-Point Roles
Security Administrator (Bootstrap)
The Entra ID Security Administrator role is the bootstrap entry point for Security Copilot — it provisions Copilot capacity and assigns the first Copilot Owner. Cross-listed from Entra ID for discoverability.
Scope: Tenant-wide security administration, including Copilot capacity provisioning
Permissions
- Capacity provisioning - Create Security Copilot capacity in Azure
- Initial Owner assignment - Assign the first Copilot Owner role
- All other Entra Security Administrator permissions (see Entra ID map)
Common use cases
- Initial Copilot rollout
- Adding capacity for growing SOC usage
Best practices
- Provision capacity in a dedicated resource group for cost tracking
- Hand off to Copilot Owner immediately after provisioning
- Document the provisioned capacity and its tier
Security considerations
- Security Administrator is a highly privileged role - its assignment is already governed in Entra
- Copilot capacity provisioning is a billed action - cost governance matters