Security Copilot Agent in Microsoft Purview Overview (preview)

Microsoft Security Copilot agents are AI-powered processes that are designed to help you with specific role-based tasks. Microsoft Purview offers a Microsoft Purview Data Loss Prevention (DLP) triage agent in preview and a Microsoft Purview Insider Risk Management triage agent. These agents provide a managed alert queue where the highest risk activities are identified and prioritized. The agent analyzes the content and potential intent involved in the activity based on the organization’s chosen parameters and level of risk tolerance. The agent offers a comprehensive explanation of the logic behind the categorization.

The agent is available in the Microsoft Purview embedded experiences. For more information, see embedded experiences.

Triaging and assigning a priority to alerts can be complex and time consuming. When you have an agent triage and prioritize alerts, according to the parameters that you set, the amount of time required to complete the task is reduced. The agent helps you focus on the most important alerts by sifting them out from the noise of lower risk alerts. This improves your response time and helps increase the efficiency and effectiveness of your team.

For information on deploying, configuring, and using the agents, see Get started with the Microsoft Purview Agents.

Before you begin

If you're new to Security Copilot or Security Copilot agents, you should familiarize yourself with the information in these articles:

Security Copilot agent concepts

The Microsoft Purview Triage Agents run on Security Compute Units (SCUs). Your organization must have SCUs provisioned for the agents to run. For more information, see SKU/subscriptions licensing.

Triggers

Triggers are groupings of parameters whose values must be met in order for the agent to triage any given alert. Triggers include:

  • Time frame: You can define the time scope in which alerts are generated for triaging. See Select alert timeframe.
  • Policies: You can configure the agent to triage alerts from policies you select. See Setup agents.

Important

Agents aren't Administrative unit aware. However, if the agent is running in the context of an administrative unit restricted admin, and there are policies that are administrative unit scoped to that admin, the agent will only see alerts from the policies that are scoped to the admin unit.

Run automatically or manually

When you deploy an agent, and when you edit triggers, you can select whether the agent will run automatically based on a set schedule or Agent will run manually on one alert at a time. If you select Run automatically based on a set schedule, the agent will triage the alerts that are included in the Select alert timeframe setting.

Select alert timeframe

When you deploy an agent, and when you edit an agent’s triggers, you can pick the timeframe that the agent will use to scope which alerts to triage. The options are:

  • Only triage new alerts
  • Last 24 hours
  • Last 48 hours
  • Last 72 hours
  • Last 7 days
  • Last 14 days
  • Last 21 days
  • Last 30 days

If you select Only triage new alerts, the agent only triages alerts that are generated after the agent is deployed. The agent won't triage any alerts that were generated before the agent was deployed. This means that all the Last # hours or days options are ignored.

If you select any of the Last # hours or days options, the agent triages alerts that were generated in the selected timeframe. This allows you to triage all alerts that were generated before the agent was deployed. All newly generated alerts are also triaged.

Important

The time frame scope for alerts to be triaged is anchored to the moment of successful agent enablement. In other words, the clock starts when the agent is enabled, so Last number of hours or days refers to the time period prior to agent deployment. This is not a rolling time frame.

Security context

Agents run in the security context of the user that last configured them. The security context must be renewed every 90 days. The agent stops running if the user is removed or deleted from the tenant or if the user is disabled.

Custom Instructions

During the agent configuration process you can give the agent custom instructions. Microsoft Purview agents use these natural language instructions to enhance alert triage by:

  • Translating your input into structured classification logic.

  • Running this logic against the document content associated with each alert.

  • Raising the alert’s priority if the content matches your custom instruction.

For custom instructions, we only analyze document content, not metadata or behavioral attributes. This means the agent supports content categories like:

  • tax, financial or legal information
  • named entities, like credit card numbers, social security numbers, and names
  • logical conditions like more than 5 SSNs, contains financial documents

If you're unsure whether the condition you want to use is supported, check whether it is marked as a content condition. If it is, the agent can use it in custom instructions.

For example, if you enter: “I want to focus on alerts with content that is tax or finance related and contains more than five credit card numbers or SSNs.” The agent interprets this as:

{
  "logic_expression": "MATCH(content, 'Tax') or MATCH(content, 'Finance') and (COUNT(content, 'U.S. social security number') >= 5) or (COUNT(content, 'U.S. credit card number') >= 5)"
}
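Added example, not the agent's or Microsoft's own code: a small evaluator for expressions in the logic_expression shape shown above, used to check how the grouping actually evaluates on sample content. It assumes standard Boolean precedence (and binds tighter than or; the agent's own evaluation rules aren't documented here), and the Content type and its classifier hit counts are constructed.

```python
import ast
from dataclasses import dataclass, field

# Constructed stand-in for the classifier hits found in an alert's document
# content; the agent's real internal representation isn't documented here.
@dataclass
class Content:
    categories: set = field(default_factory=set)    # trainable classifier hits
    sit_counts: dict = field(default_factory=dict)  # SIT name -> hit count

def MATCH(content, category):
    return category in content.categories

def COUNT(content, sit_name):
    return content.sit_counts.get(sit_name, 0)

FUNCS = {"MATCH": MATCH, "COUNT": COUNT}
_CMP = {ast.GtE: lambda a, b: a >= b, ast.Gt: lambda a, b: a > b,
        ast.LtE: lambda a, b: a <= b, ast.Lt: lambda a, b: a < b,
        ast.Eq: lambda a, b: a == b}

def evaluate(expr, content):
    """Evaluate a logic_expression with a whitelisted AST walk (no eval)."""
    def walk(node):
        if isinstance(node, ast.BoolOp):
            vals = (walk(v) for v in node.values)
            return all(vals) if isinstance(node.op, ast.And) else any(vals)
        if isinstance(node, ast.Compare) and len(node.ops) == 1:
            return _CMP[type(node.ops[0])](walk(node.left), walk(node.comparators[0]))
        if isinstance(node, ast.Call) and getattr(node.func, "id", None) in FUNCS:
            return FUNCS[node.func.id](*(walk(a) for a in node.args))
        if isinstance(node, ast.Name) and node.id == "content":
            return content
        if isinstance(node, ast.Constant):
            return node.value
        raise ValueError(f"unsupported syntax: {ast.dump(node)}")
    return bool(walk(ast.parse(expr, mode="eval").body))

# The expression as the page shows it: with 'and' binding tighter than 'or'
# it reads A or (B and C) or D.
PAGE_EXPR = ("MATCH(content, 'Tax') or MATCH(content, 'Finance') and "
             "(COUNT(content, 'U.S. social security number') >= 5) or "
             "(COUNT(content, 'U.S. credit card number') >= 5)")
# The instruction's plain reading: (tax or finance) and (>=5 SSNs or >=5 cards).
INTENDED_EXPR = ("(MATCH(content, 'Tax') or MATCH(content, 'Finance')) and "
                 "(COUNT(content, 'U.S. social security number') >= 5 or "
                 "COUNT(content, 'U.S. credit card number') >= 5)")

def cards_only():
    # Constructed sample: six card numbers, no tax/finance classification.
    return Content(set(), {"U.S. credit card number": 6})
```

On the cards_only sample, PAGE_EXPR evaluates to True while INTENDED_EXPR evaluates to False, which is why it is worth reviewing the generated expression against your intent before relying on it for prioritization.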

Triaged alerts

The agent will triage alerts based on the trigger configuration. The agent will triage alerts that are generated in the timeframe you selected and are from the policies you selected. Not all alerts are triaged. For more information, see Setup agents.

Triaged alerts are grouped into four categories:

All: This category includes all the alerts that the agent has triaged. The count indicated in the category may not accurately reflect the true number of alerts until you go into that view and scroll down to load all the alerts. If the conditions that caused the alert to be raised in the first place have changed, or if the alert hasn't been triaged yet, you can select the alert and then select Run agent to manually run the agent on the alert.

Needs attention: These are the alerts that the agent has reasoned over and determined that they pose the greatest risk to your organization. When you select one of these alerts, the details flyout opens to show a summary of the alert and other details.

Less Urgent: These are the alerts that the agent has evaluated and determined that they pose a lower risk to your organization. When you select one of these alerts, the details flyout opens to show a summary of the alert and other details.

Not categorized: These are the alerts that the agent wasn't able to successfully triage. This can happen for many reasons, including:

  • Server error
  • In process of reviewing
  • Other error
  • Unsupported error, for alerts that contain activities that the agent doesn't support

Agents triage files up to 2 MB in size.

How agents prioritize

The DLP triage agent prioritizes alerts based on these risk factors:

  • Content Risk: This is the primary risk factor used during agent triage. It covers sensitive content based on Microsoft provided SITs, trainable classifiers, and default sensitivity labels. For more information, see default sensitivity labels.
  • Exfiltration Risk: Exfiltration of sensitive data shared externally.
  • Policy Risk: Policy mode and rules with actions impact the prioritization of alerts.
  • Content Risk: Label removed or downgraded. 
  • Exfiltration Risk: Exfiltration of sensitive data.

The Insider Risk Management alert triage agent prioritizes alerts based on:

  • Activity risk: The agent identifies activities with the highest risk of exfiltration and reports historical alert insights.
  • File risk: The agent analyzes the content of files that are at risk of being exfiltrated and provides a document summary and risk analysis of each file.
  • User risk: Attributes of the user that can impact the prioritization of alerts such as priority user group configuration or number of currently active cases.

Alert Triage details

Important

The DLP triage agent only supports alerts from policies that are in active mode. The DLP alert triage agent doesn't triage alerts from DLP policies that are running in simulation mode.

Agents are able to review alerts that were generated up to 30 days prior to the enablement of the agent if the tenant has sufficient SCUs. Alerts that were generated more than 30 days prior to agent enablement are out of scope.

The DLP triage agent triages alerts from Exchange, SharePoint, OneDrive, Teams.

In DLP, the agent doesn't triage alerts that are triggered only by custom sensitive information type (SIT) and custom trainable classifier conditions. Alerts triggered only by policy conditions that are neither SITs nor trainable classifiers, such as Email subject match, aren't triaged.

You should perform manual analysis on alerts that can't be fully evaluated by the agent.

Partially triaged alerts

Here are some examples of situations where alerts may be partially triaged.

  • The DLP rule contains some conditions that aren't supported, such as The user accessed a sensitive site from Edge.
  • The DLP rule includes certain conditions, but the system is unable to retrieve the corresponding properties of the email or files such as Document couldn't be scanned.
  • During preview the insider risk management agent will only analyze SharePoint file content. It doesn't analyze email and device activities with accompanying files. If an alert contains only email or device activities, it will not be analyzed.
  • An alert generated from an Insider Risk Management policy that looks only at endpoint or email activities.

Content Analysis

There are some situations where content analysis may be limited.

The content risk prioritization of an alert is based on Microsoft provided SITs, trainable classifiers, and sensitivity labels in content. When an agent evaluates content risk, it only looks for Microsoft provided SITs, and trainable classifiers that are defined in the policy.

When a DLP alert is associated with fewer than 10 files, all the files are scanned by the agent and used in the content summary. When an alert has 10 or more files, the potentially top 10 files are used to generate the file risk summary. In DLP, the triage agent picks the top 10 risky files based on the number of policy classifier hits, the file size, and the last time the file was accessed. When this happens, the agent provides a note stating that not all the files in the alert were included in the content summary.

In Insider Risk Management, the criteria for selecting the potentially top 10 risky files are:

  • File Names, paths, extensions
  • Microsoft provided SITs, trainable classifiers, and sensitivity labels.
  • If the file is considered Priority Content from IRM policy configurations
  • Risk score of activity associated with the file.
  • File metadata, for example whether the content is hidden or has a protected label.
  • Custom instructions if present.

In Insider Risk Management, the agent only supports SharePoint and OneDrive files for content analysis. This only affects the File risk section; the Activity risk and User risk sections aren't affected by this limitation.