Microsoft Security Copilot · Platform Roles
Copilot Owner
Full control over the Security Copilot workspace. Manages role assignments, plugin governance, file uploads, prompt history, and audit settings.
Scope: Single Security Copilot workspace (standalone portal and embedded experiences)
Permissions
- Workspace management - Configure all Copilot workspace settings
- Role assignments - Add or remove Owners and Contributors
- Plugins - Install, enable, disable, and govern plugins (Microsoft and third-party)
- File uploads - Manage uploaded files and configure upload settings
- Prompt history - View prompt history across all users
- Audit - Review Copilot audit logs (also surfaces in Purview)
- Capacity - Manage provisioned Copilot capacity (SCUs)
Common use cases
- Initial Security Copilot provisioning and configuration
- Governing which plugins are available to users
- Tier 3 SOC lead managing Copilot for the security team
- Compliance review of Copilot prompt history
Best practices
- Limit to 2-3 owners across the security organisation
- Use Microsoft Entra security groups for role assignment
- Review plugin installations quarterly
- Enable audit logging from day one
Security considerations
- Prompts and responses can contain sensitive security data — Owner sees all history
- Plugins can connect to third-party services — vet before enabling
- File uploads are processed by Copilot; treat upload governance as DLP-equivalent