Microsoft Security Copilot RBAC Roles
Microsoft Security Copilot platform roles plus the Entra-side bootstrap entry-point used to provision the Copilot tenant.
3 roles across 2 categories. Open the interactive map →
Platform Roles
Security Copilot-specific role groups governing the standalone Copilot experience (securitycopilot.microsoft.com).
-
Copilot Owner
Full control over the Security Copilot workspace. Manages role assignments, plugin governance, file uploads, prompt history, and audit settings.
-
Copilot Contributor
Use Security Copilot to investigate threats, run prompts, and create promptbooks. Cannot manage workspace settings, plugins, or other users.
Bootstrap & Entry-Point Roles
Entra ID roles required to provision Copilot capacity and to use embedded Copilot experiences in other security products.
-
Security Administrator (Bootstrap)
The Entra ID Security Administrator role is the bootstrap entry point for Security Copilot — it provisions Copilot capacity and assigns the first Copilot Owner. Cross-listed from Entra ID for…