Microsoft Security Copilot · Platform Roles

Copilot Owner

Full control over the Security Copilot workspace. Manages role assignments, plugin governance, file uploads, prompt history, and audit settings.

Scope: Single Security Copilot workspace (standalone portal and embedded experiences)

Permissions

  • Workspace management - Configure all Copilot workspace settings
  • Role assignments - Add or remove Owners and Contributors
  • Plugins - Install, enable, disable, and govern plugins (Microsoft and third-party)
  • File uploads - Manage uploaded files and configure upload settings
  • Prompt history - View prompt history across all users
  • Audit - Review Copilot audit logs (also surfaces in Purview)
  • Capacity - Manage provisioned Copilot capacity (SCUs)

Common use cases

  • Initial Security Copilot provisioning and configuration
  • Governing which plugins are available to users
  • Tier 3 SOC lead managing Copilot for the security team
  • Compliance review of Copilot prompt history

Best practices

  • Limit to 2-3 owners across the security organisation
  • Use Microsoft Entra security groups for role assignment
  • Review plugin installations quarterly
  • Enable audit logging from day one

Security considerations

  • Prompts and responses can contain sensitive security data — Owner sees all history
  • Plugins can connect to third-party services — vet before enabling
  • File uploads are processed by Copilot; treat upload governance as DLP-equivalent

Common questions

When should I assign the Copilot Owner role?

Assign Copilot Owner when you need to: Initial Security Copilot provisioning and configuration; Governing which plugins are available to users; Tier 3 SOC lead managing Copilot for the security team; and Compliance review of Copilot prompt history. It is part of Microsoft Security Copilot and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Copilot Owner role do?

The Copilot Owner role grants permissions including: Workspace management - Configure all Copilot workspace settings; Role assignments - Add or remove Owners and Contributors; Plugins - Install, enable, disable, and govern plugins (Microsoft and third-party); File uploads - Manage uploaded files and configure upload settings; Prompt history - View prompt history across all users; and Audit - Review Copilot audit logs (also surfaces in Purview). See the Permissions section above for the full list.

What are the security risks of the Copilot Owner role?

Key considerations when assigning Copilot Owner: Prompts and responses can contain sensitive security data — Owner sees all history; Plugins can connect to third-party services — vet before enabling; and File uploads are processed by Copilot; treat upload governance as DLP-equivalent. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →