Microsoft Security Copilot · Platform Roles
Copilot Contributor
Use Security Copilot to investigate threats, run prompts, and create promptbooks. Cannot manage workspace settings, plugins, or other users.
Scope: Day-to-day use of Security Copilot within governance set by Owners
Permissions
- Prompts - Submit prompts to Copilot in the standalone portal
- Promptbooks - Create, edit, and run promptbooks (saved prompt sequences)
- Sessions - View own session history
- Shared sessions - View sessions explicitly shared with the user
- Plugins - Use enabled plugins (cannot install or govern)
- File uploads - Upload files to Copilot if enabled by an Owner
Common use cases
- SOC analyst running incident-investigation prompts
- Threat hunter using promptbooks for repeatable hunting workflows
- Security engineer using Copilot to write or explain KQL queries
- Compliance analyst using Copilot to summarise audit findings
Best practices
- Use promptbooks to standardise common workflows across the team
- Pair with existing SOC role assignments (Security Operations Manager, Threat Hunting Analyst)
- Review own session history for prompt quality improvement
Security considerations
- Prompts can include security data - follow tenant prompt policy
- Responses are AI-generated - verify before acting