Wolkenman.nl | It's all about Intune

By

Jan Mulder

·

Microsoft Copilot in Intune (Part I)

Earlier this month, Security Copilot was released along with the public preview of Copilot in Intune. In this series of blogs, I will take you through the possibilities of Copilot within Microsoft Intune, what is currently possible and what is not, and of course, what you need. And of course, I’ll be running up my…


Earlier this month, Security Copilot was released along with the public preview of Copilot in Intune. In this series of blogs, I will take you through the possibilities of Copilot within Microsoft Intune, what is currently possible and what is not, and of course, what you need. And of course, I’ll be running up my credit card expenses by giving it a try.

Copilot in Intune, what is it?
Microsoft Security Copilot has integration with Microsoft Intune. Through Security Copilot, you have the ability to utilize the generative AI of Security Copilot within your Microsoft Intune environment. This can be done either through the prompt on the Copilot portal or via the UI of Microsoft Intune itself.

Copilot is embedded in Intune and is available in the Microsoft Intune management center. The Copilot prompts and their outputs are situated within the context of Intune and your Intune data.

This experience is focused on IT administrators/IT professionals.

Microsoft Copilot for Security: this option is standalone Copilot and is available in the Microsoft Copilot for Security portal. You can use this portal to gather insights from Copilot for Security for all your enabled services, such as Intune, Microsoft Defender, Microsoft Entra ID, Microsoft Purview, and more.

This experience is focused on Security Operations Center (SOC) and can be used by IT administrators.

What do I need for Copilot in Microsoft Intune?

License
To begin with, you naturally need a Microsoft Intune environment along with Security Copilot. Apart from having Security Copilot SCU, there are no other license requirements or additional Intune licenses needed.

Copilot enable in Intune
If you create a Security Copilot SCU, the public preview for Intune will automatically be activated under tenant administration in the Microsoft Intune Portal

Copilot roles.
Access to Copilot in Intune is managed through Security Copilot or Entra ID. If you want to use Copilot for Security, you need to be a member of the correct role.

  • Cipilot Contributor
  • Copilot Owner
  • Security Administrator
  • Global Admin
  • Intune Administrator

Intune enabled within Security Copilot.
If you want to use Intune within Security Copilot, the Intune plugin must be enabled in the Security Copilot environment. (It is enabled by default.)

Access to Intune data with Copilot?

Administrators have the same rights with Copilot as they currently have within Microsoft Intune. Copilot utilizes existing Graph APIs. These APIs are the same as those used in the Intune management center.

How do I use Copilot in Intune?
If the above data is present, then you are ready for Copilot in Intune! Within Microsoft Intune, you cannot avoid it.

Copilot can be found in various locations within Microsoft Intune.

Devices:
Als je een device selecteert binnen Intune heb je nu de mogelijkheid tot Explore with Copilot.

Explore with Copilot geeft je onder andere de mogelijkheid tot summarize this device, Analyse an error code, Show Apps on this device, Show Group memberships en nog veel meer.


Compliance policies
The compliance policies within Intune have a copilot icon next to them, allowing for more information to be requested about this specific function within the compliance policy.

Configuration Profiles
Configuration profiles can be analyzed with Copilot, providing advice on the security impact for your devices and users.


Summarize with Copilot.

Within Microsoft Intune, it is possible to perform a summarize of the configuration in several places.

  • Windows devices
  • iOS/iPadOS devices
  • Android devices
  • Configuration profiles.
  • Compliance profiles
  • Security baselines
  • Antivirus policies
  • Windows Disk Encryption
  • macOS Encryption
  • Firewall policies
  • Endpoint Privilege Management
  • Endpoint Detectie and response
  • Attack surface reduction
  • Account protection


Okay! Let’s give it a try. We’ll ask Copilot to create a summary of my policy that I use for SkipUserStatusPage.

Copilot has reviewed the policy and created the following summary.


The summary provides a clear picture of what the policy does and what is configured. At the bottom of the prompt, we see recommendations for a follow-up question. We ask Copilot the question: “Describe the impact of this policy on users.”


Copilot provides a comprehensive summary of the potential risks and impact on users and devices.

Let’s create a new compliance policy and ask what the BitLocker setting does.


If we look at the sessions on https://securitycopilot.microsoft.com, we can see that every action in the Intune portal is a session on securitycopilot.microsoft.com, where you can see the prompt being asked to Copilot.

Within Security Copilot, we see the session that Microsoft Intune has created to retrieve the data within Copilot.

The UI in Copilot then displays the answer.

We do the same thing again with a device summary. We’ll take a VM that I’ve connected to Intune via Azure Virtual Desktop.

We once again see a new session emerging within Copilot.


This retrieves all the information within the device.

And then displays it within Microsoft Intune.

As you can see, you can trace back the prompts you give via the UI in Intune to Copilot within the Security Copilot portal.

Using the prompt makes asking for information much easier, but for Intune Administrators, the UI is very user-friendly for analysis and advice.

We now ask Security Copilot via the prompt which devices have been enrolled in the last 24 hours.


We ask for more information about device AVW-0.


Then, we ask if there are any security notifications related to this device.

Copilot automatically generates a KQL query for this.

Conclusie
Security Copilot, along with Microsoft Intune, is a fantastic tool, but currently, it’s also quite expensive. With Security Copilot, you can pull almost all device, app, and user data from Microsoft Intune and match it with the other security tools you use within Microsoft 365.

The UI options provide Intune administrators with Copilot resources to gather more information about features, error codes, and device security advice. Through Security Copilot, you receive excellent analyses and recommendations to make the right choices within Microsoft Intune. The preview is already quite powerful in its output, and I am quite impressed. In the coming time, I want to delve deeper into the analysis capabilities of Security Copilot in conjunction with Microsoft Intune, but for that, stay tuned for part two of my blog!

Tags:

Response to “Microsoft Copilot in Intune (Part I)”

  1. Intune Newsletter – 12th April 2024 – Andrew Taylor

    […] Microsoft Copilot in Intune (Part I) […]

    Like

    Reply

Leave a comment

Design a site like this with WordPress.com
Get started