Microsoft Security Copilot · Platform Roles
Copilot Contributor
Use Security Copilot to investigate threats, run prompts, and create promptbooks. Cannot manage workspace settings, plugins, or other users.
Scope: Day-to-day use of Security Copilot within governance set by Owners
Permissions
- Prompts - Submit prompts to Copilot in the standalone portal
- Promptbooks - Create, edit, and run promptbooks (saved prompt sequences)
- Sessions - View own session history
- Shared sessions - View sessions explicitly shared with the user
- Plugins - Use enabled plugins (cannot install or govern)
- File uploads - Upload files to Copilot if enabled by an Owner
Common use cases
- SOC analyst running incident-investigation prompts
- Threat hunter using promptbooks for repeatable hunting workflows
- Security engineer using Copilot to write or explain KQL queries
- Compliance analyst using Copilot to summarise audit findings
Best practices
- Use promptbooks to standardise common workflows across the team
- Pair with existing SOC role assignments (Security Operations Manager, Threat Hunting Analyst)
- Review own session history for prompt quality improvement
Security considerations
- Prompts can include security data - follow tenant prompt policy
- Responses are AI-generated - verify before acting
Common questions
When should I assign the Copilot Contributor role?
Assign Copilot Contributor when you need to: SOC analyst running incident-investigation prompts; Threat hunter using promptbooks for repeatable hunting workflows; Security engineer using Copilot to write or explain KQL queries; and Compliance analyst using Copilot to summarise audit findings. It is part of Microsoft Security Copilot and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Copilot Contributor role do?
The Copilot Contributor role grants permissions including: Prompts - Submit prompts to Copilot in the standalone portal; Promptbooks - Create, edit, and run promptbooks (saved prompt sequences); Sessions - View own session history; Shared sessions - View sessions explicitly shared with the user; Plugins - Use enabled plugins (cannot install or govern); and File uploads - Upload files to Copilot if enabled by an Owner. See the Permissions section above for the full list.
What are the security risks of the Copilot Contributor role?
Key considerations when assigning Copilot Contributor: Prompts can include security data - follow tenant prompt policy; and Responses are AI-generated - verify before acting. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.