Accelerate cloud security risk remediation with Microsoft Copilot for Security

As cloud environments experience rapid expansion, evolution, and increasing complexity, security teams face a significant and growing challenge in identifying, assessing, and remediating cloud security risks across multicloud environments and developer pipelines.

With Copilot in for Cloud, security teams can efficiently identify critical risks across their multicloud environments and developer pipelines and streamline remediation efforts to make the most impact on their security posture.

The embedded Copilot capabilities in for Cloud help you accelerate time to remediation, including:

  • Assisted risk exploration skills provides contextual summaries of your cloud risks, including the most impactful risks to your cloud resources.
  • Assisted risk remediation skills that provide guidance and streamline remediation with contextual summary of security best practices, instructions, and necessary remediation .

Enhanced Risk Exploration with Copilot in Defender for Cloud

Many security admins face the burden of complex multicloud environments without the proper resources to prioritize and manage an overwhelming number of identified security risks across their environments. With Copilot in for Cloud, security admins can leverage and natural language processing to provide a more focused and efficient approach to risk management.

With assisted risk exploration, security admins can use natural language queries to explore cloud risks in a more targeted manner. A security admin can use natural language to ask Copilot about their risks, including:

  • Show critical risks to publicly exposed resources 
  • Show critical risks to sensitive data 
  • Show resources with high severity vulnerabilities 



Let's take critical risks to publicly exposed resources, for example. Copilot will use the data within the cloud map to generate a response, providing a breakdown of the resources at risk. It guides the exploration process by suggesting the next prompts to continue narrowing down risks and prioritizing the most relevant recommendations, such as those with high severity vulnerabilities.

What sets this feature apart is its seamless integration with the prioritized risk-based recommendations in Defender Cloud Security Posture Management (CSPM). This ensures that these powerful risk exploration skills are readily accessible, right where you need them, reducing noise and speeding up the process of finding the most relevant recommendations to resolve.

Assisted Remediation Skills with Copilot in Defender for Cloud

In addition to understanding risks, Copilot in Defender for Cloud helps security teams accelerate risk remediation. These skills are designed to make it faster and easier for security admins to remediate cloud risks by providing a summary with all the necessary context, -generated remediation actions, and delegation actions.



For each recommendation, you can ask Copilot in Defender for Cloud to create a summary that explains what the issue is, why it's important, and how it affects your cloud security posture.

Once you have a summary of the risk, you can ask Copilot to provide the remediation actions. Copilot will then provide -generated remediation actions. 

Additionally, you can greatly reduce time to remediation with AI-generated remediation scripts that you can run using Copilot. 


For many security admins, remediation is not a one-person task. Instead, many depend multiple resource owners, developers, or other security team members to remediate risks, potentially lengthening the time necessary to remediate risks as the security admin manages multiple tools. With Copilot, admins can facilitate collaboration with multiple delegation skills from Defender for Cloud. 


First, security admins can delegate remediation via email to the appropriate resource owner. Once remediation steps are created, Copilot can generate an email to resource owners comprised of the remediation summary, instructions, and necessary scripts.


Security teams can strengthen the security posture of their infrastructure-as-code templates in source code repositories and collaborate with their developers to fix issues in code. With this expansion of Copilot, security admins can generate and submit pull requests to developers comprised of the remediation summary, step-by-step instructions, and code fixes. 

Customers can use these skills with Copilot in Defender for Cloud to reduce the time and effort required to understand and navigate the risk landscape across their cloud environments, prioritizing the recommendations that impact their cloud security posture the most and reducing the time to remediate the associated risks.

Get started with Copilot in Defender for Cloud  

Starting June 10, Copilot in Defender for Cloud will be available in public preview for customers with both Defender CSPM and Copilot for Security.


For more information on Defender for Cloud, please visit Defender for Cloud web page. 



This article was originally published by Microsoft's Defender for Cloud Blog. You can find the original article here.